Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote...
7AI Score
0.003EPSS
Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00...
6.6AI Score
0.013EPSS
Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile...
6.9AI Score
0.002EPSS
index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error...
6.2AI Score
0.004EPSS