Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

FlatNuke < 2.5.7 index.php Traversal File Inclusion

Critical

Synopsis

The remote host is vulnerable to an flaw that allows attackers to execute arbitrary commands.

Description

The remote host is running FlatNuke, an open-source content management system. The remote version of this software is prone to a file upload vulnerability. An attacker can specify any arbitrary 'include' file which will then be executed on the target FlatNuke system. Successful exploitation leads to the execution of arbitrary code.

Solution

Upgrade to version 2.5.7 or higher.