FlatNuke < 2.5.7 index.php Traversal File Inclusion

Critical Nessus Network Monitor Plugin ID 3265


The remote host is vulnerable to a flaw that allows attackers to execute arbitrary commands.


The remote host is running FlatNuke, an open-source content management system. The remote version of this software is prone to a file upload vulnerability. An attacker can specify an arbitrary 'include' file, which will then be executed on the target FlatNuke system. Successful exploitation leads to the execution of arbitrary code.


Upgrade to version 2.5.7 or higher.

Plugin Details

Severity: Critical

ID: 3265

File Name: 3265.prm

Family: CGI

Published: 2005/10/25

Modified: 2016/01/19

Dependencies: 1442

Risk Information

Risk Factor: Critical


CVSS v2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


CVSS v3

Base Score: 9.8

Temporal Score: 9.4


Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:flatnuke:flatnuke

Reference Information

CVE: CVE-2005-4448, CVE-2005-2813, CVE-2005-3307, CVE-2005-4208

BID: 15172, 15796

OSVDB: 20245, 22783