PT-2005-3692 · Flatnuke · Flatnuke

Retrogod · Published 2005-09-07 · Updated 2017-07-11 · CVE-2005-2815

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

FlatNuke version 2.5.6

Description

The issue allows remote attackers to obtain sensitive information, such as path disclosure on error, or cause a denial of service due to resource consumption. This can be achieved by providing an MS-DOS device name in the news parameter to "print.php", including device names like AUX, CON, PRN, COM1, or LPT1.

Recommendations

For FlatNuke version 2.5.6, consider restricting access to the "print.php" file or validating the news parameter to prevent the use of MS-DOS device names as a temporary workaround until a patch is available.
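
One way to implement the parameter validation recommended above, as an added example that is not FlatNuke code or a vendor patch. The function names and the allowed ID alphabet are assumptions; the device check goes beyond the names listed in the description to cover NUL, COM0-COM9, LPT0-LPT9 and the extension, trailing-space and colon forms that Windows also resolves to a device.

```php
<?php
// Added example; not FlatNuke code. Function names and the ID format are assumptions.

// True if Windows would treat $name as a legacy DOS device rather than a file.
function is_dos_device_name(string $name): bool
{
    // Keep only the last path component, accepting both separators.
    $parts = preg_split('#[\\\\/]#', $name);
    $base = end($parts);
    // "NUL.txt" and "NUL.tar.gz" still mean NUL: cut at the first dot.
    $base = explode('.', $base, 2)[0];
    // Trailing spaces and a trailing colon ("COM1:") do not change the meaning.
    $base = rtrim($base, ' :');
    // Conservative list: every COMn/LPTn digit is refused.
    return preg_match('/\A(?:CON|PRN|AUX|NUL|COM[0-9]|LPT[0-9])\z/i', $base) === 1;
}

// Returns the value if it is safe to use as a news file name, otherwise null.
function validate_news_param($news): ?string
{
    // Refuse arrays (?news[]=x) and anything outside the assumed ID alphabet.
    if (!is_string($news) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $news)) {
        return null;
    }
    // The allowlist alone still admits "AUX" or "com1", so check devices too.
    if (is_dos_device_name($news)) {
        return null;
    }
    return $news;
}

// Constructed sample inputs, checked against both functions.
$samples = ['2005-09-01_release', 'AUX', 'con', 'COM1', 'LPT1.txt',
            'prn ', '../NUL', 'console'];
foreach ($samples as $s) {
    $device  = is_dos_device_name($s) ? 'device' : 'not a device';
    $verdict = validate_news_param($s) === null ? 'reject' : 'accept';
    printf("%-22s %-13s %s\n", var_export($s, true), $device, $verdict);
}
```

Calling the validator before any filesystem function touches the value, and returning a generic "not found" response on rejection, also avoids the path disclosure in error output.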


Related Identifiers

CVE-2005-2815

Affected Products

Flatnuke