CVE-2006-3608

Name of the Vulnerable Software and Affected Versions Flatnuke versions 2.5.7 and earlier

Description The issue concerns the Gallery module in Flatnuke, where it fails to restrict file extensions for uploaded files starting with a GIF header. This allows remote authenticated users to execute arbitrary PHP code by uploading a .php file.

Recommendations For versions 2.5.7 and earlier, consider disabling the Gallery uploads feature until a patch is available to prevent the execution of arbitrary PHP code. Restrict access to the Gallery module to minimize the risk of exploitation.