Flatnuke3 File Manager Module Unauthorized Access Vulnerability

Bugtraq ID:	26155
Class:	Access Validation Error
CVE:	CVE-2007-5772
Remote:	Yes
Local:	No
Published:	Oct 22 2007 12:00AM
Updated:	Nov 15 2007 12:37AM
Credit:	KiNgOfThEwOrLd is credited with the discovery of this vulnerability.
Vulnerable:	Flatnuke3 Flatnuke3 2007-10-10
Not Vulnerable:

Flatnuke3 File Manager Module Unauthorized Access Vulnerability

Flatnuke3 is prone to an unauthorized-access vulnerability because it fails to adequately verify administrative credentials while logging in via the 'File Manager' module.

An attacker can exploit this vulnerability to gain administrative control of the application; other attacks are also possible.

This issue affects Flatnuke3-2007-10-10; other versions may also be vulnerable.

Flatnuke3 File Manager Module Unauthorized Access Vulnerability

Attackers may exploit this issue through a browser.

The following proof-of-concept URIs are available:

• /data/vulnerabilities/exploits/26155.txt

Flatnuke3 File Manager Module Unauthorized Access Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Flatnuke3 File Manager Module Unauthorized Access Vulnerability

References:

• Flatnuke3 Homepage (Flatnuke3)