CVE-2005-2540

critical

Description

CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/21709

http://www.securityfocus.com/bid/14485

http://www.osvdb.org/18554

http://secunia.com/advisories/16330

http://marc.info/?l=bugtraq&m=112327238030127&w=2

Details

Source: Mitre, NVD

Published: 2005-08-10

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical