PT-2007-6740 · Flatnuke · Flatnuke

Kingoftheworld · Published 2007-11-01 · Updated 2017-09-29 · CVE-2007-5773

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Flatnuke version 3

Description: A cross-site request forgery (CSRF) issue exists, allowing remote attackers to perform actions as administrators. This is achieved through requests that contain the pathname in the dir parameter and the filename in the ffile parameter.

Recommendations: For Flatnuke version 3, consider restricting access to the File Manager module until a fix is available. As a temporary workaround, avoid using the dir and ffile parameters in requests to the index.php file.


Weakness Enumeration

Related Identifiers

CVE-2007-5773

Affected Products

Flatnuke