PT-2005-3434 · Flatnuke · Flatnuke

Rgod · Published 2005-08-10 · Updated 2017-07-11 · CVE-2005-2540

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

FlatNuke versions 2.5.5 and earlier

Description

The issue allows remote attackers to execute arbitrary PHP commands via a CRLF injection in the signature field. This occurs because the field's input is injected into a PHP script without proper sanitization, specifically lacking a preceding comment character. As a result, an attacker can inject an ASCII char 13 (carriage return) to manipulate the script's execution. This can be exploited by making a direct request to the vulnerable endpoint.

Recommendations

For FlatNuke versions 2.5.5 and earlier, consider restricting access to the signature field to minimize the risk of exploitation until a proper fix is applied. Additionally, ensure that all user input is properly sanitized before being injected into PHP scripts.
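
One way to apply the sanitization recommended above, as an added example that is not FlatNuke's own code or its fix. The function names, the user-name rule and the JSON storage layout are assumptions made for illustration; the sample signature is constructed.

```php
<?php
declare(strict_types=1);

// Added example: names, paths and the JSON layout are assumptions,
// not FlatNuke's actual code or file format.

/**
 * Normalise a single-line profile field such as a signature.
 * PHP ends a "#" or "//" comment at LF, CRLF or a lone CR (ASCII 13),
 * so every control character is removed, not only "\n".
 */
function clean_profile_field(string $value, int $maxLen = 255): string
{
    // Replace each run of C0 control characters (CR, LF, NUL, ...) and DEL with one space.
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);
    if ($value === null) {
        throw new InvalidArgumentException('field could not be processed');
    }
    return substr(trim($value), 0, $maxLen);
}

/**
 * Store the profile as JSON data instead of writing it into a .php file,
 * so stored user input is never handed to the PHP interpreter.
 */
function save_profile(string $dir, string $user, array $fields): string
{
    // The user name becomes part of a file name, so allow only a fixed alphabet.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }
    $clean = array_map('clean_profile_field', $fields);
    $path  = $dir . '/' . $user . '.json';
    // Substitute bytes left invalid by byte-wise truncation instead of failing.
    $json  = json_encode($clean, JSON_THROW_ON_ERROR | JSON_INVALID_UTF8_SUBSTITUTE);
    if (file_put_contents($path, $json, LOCK_EX) === false) {
        throw new RuntimeException('could not write profile');
    }
    return $path;
}

// Constructed sample input: a signature containing a bare carriage return.
$path = save_profile(sys_get_temp_dir(), 'demo_user', [
    'signature' => "first line\rsecond line",
]);
echo file_get_contents($path), PHP_EOL;
```

Filtering the field addresses the carriage-return case described here; keeping user data out of interpreted `.php` files removes the dependence on that filter being complete.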

Related Identifiers

CVE-2005-2540

Affected Products

Flatnuke