CVE-2005-0267

Name of the Vulnerable Software and Affected Versions FlatNuke version 2.5.1

Description The issue allows remote attackers to create an administrator account by exploiting a flaw in the url avatar field of the index.php file. This is achieved by using carriage returns and line feeds (#10) in the field, which are then interpreted as a sensitive directive.

Recommendations For FlatNuke version 2.5.1, consider restricting access to the index.php file until a patch is available, and avoid using the url avatar field in a way that could be exploited by attackers. As a temporary workaround, restrict the ability to create new administrator accounts to minimize the risk of exploitation.