Name of the Vulnerable Software and Affected Versions:

FlatNuke version 2.5.3

Description:

A direct code injection issue allows remote attackers to execute arbitrary PHP code by placing the code into the `referer` header of an HTTP request. This causes the code to be injected into `referer.php`, which can then be accessed by the attacker.

Recommendations:

For FlatNuke version 2.5.3, consider restricting access to the `referer.php` file as a temporary workaround until a patch is available. Avoid using the `referer` header in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.