PT-2005-2851 · Flatnuke · Flatnuke

Published: 2005-06-08 · Updated: 2024-02-13 · CVE-2005-1894

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: FlatNuke version 2.5.3

Description: A direct code injection issue allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request. This causes the code to be injected into referer.php, which can then be accessed by the attacker.

Recommendations: For FlatNuke version 2.5.3, consider restricting access to the referer.php file as a temporary workaround until a patch is available. Avoid using the Referer header in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
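
Detection sketch for the behaviour described above, added here as an example and not taken from the advisory or from FlatNuke: it scans web server access logs for Referer values carrying PHP open tags and for later requests to referer.php. The "combined" log format, the location of referer.php at the web root and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed input: Apache/nginx "combined" access log lines.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?:[^"\\]|\\.)*"'
)
# PHP open tags: "<?", "<?php", "<?=" and the legacy <script language=php> form.
PHP_TAG = re.compile(r'<\?|<script[^>]*language\s*=\s*["\']?php', re.I)

def scan(lines):
    """Return (line_no, client_ip, finding) tuples.

    Flags Referer values that contain a PHP open tag (raw or URL-encoded),
    then flags every request for referer.php seen after the first such value,
    because the stored referer data is suspect for all clients from then on.
    """
    findings, injected = [], False
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        # Undo the server's quote escaping and any URL encoding before matching.
        referer = unquote(m["referer"].replace('\\"', '"'))
        if PHP_TAG.search(referer):
            injected = True
            findings.append((n, m["ip"], "php-tag-in-referer"))
        name = urlsplit(m["path"]).path.rsplit("/", 1)[-1].lower()
        if injected and name == "referer.php":
            findings.append((n, m["ip"], "referer.php-requested-after-injection"))
    return findings

# Constructed sample lines (documentation IP ranges, inert PHP marker).
SAMPLE = [
    '198.51.100.7 - - [08/Jun/2005:10:00:01 +0000] "GET /referer.php HTTP/1.1" 200 512 "http://example.org/" "Mozilla/5.0"',
    '192.0.2.44 - - [08/Jun/2005:10:02:13 +0000] "GET /index.php HTTP/1.1" 200 5120 "<?php /* constructed marker */ ?>" "-"',
    '192.0.2.44 - - [08/Jun/2005:10:02:15 +0000] "GET /referer.php HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [08/Jun/2005:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://example.org/%3C%3Fphp%20%3F%3E" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit on the first finding means the stored referer data should be treated as tainted and inspected or cleared, even if no follow-up request to referer.php appears in the logs.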

Exploit

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2005-1894

Affected Products: Flatnuke