PT-2005-2849 · Flatnuke · Flatnuke
Published 2005-06-08 · Updated 2024-01-25 · CVE-2005-1892
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions
FlatNuke version 2.5.3
Description
The issue allows remote attackers to cause a denial of service or obtain sensitive information. A direct request to "foot_news.php" triggers an infinite loop, and direct requests to unknown scripts produce an error message that reveals the web document root.
Recommendations
For FlatNuke version 2.5.3, consider restricting access to the "foot_news.php" script and to unknown scripts to minimize the risk of exploitation. As a temporary workaround, disabling the execution of unknown scripts and limiting access to sensitive information can help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Flatnuke