Unrated severityNVD Advisory· Published Jun 9, 2005· Updated Apr 16, 2026

CVE-2005-1894

Description

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.

Affected products

Flatnuke/Flatnuke
cpe:2.3:a:flatnuke:flatnuke:2.5.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

flatnuke.sourceforge.net/index.phpnvdPatchProduct
secunia.com/advisories/15603nvdBroken LinkPatchVendor Advisory
securitytracker.com/idnvdBroken LinkExploitPatchThird Party AdvisoryVDB Entry
secwatch.org/advisories/secwatch/20050604_flatnuke.txtnvdBroken LinkExploitPatchVendor Advisory
www.vupen.com/english/advisories/2005/0697nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000