Unrated severityNVD Advisory· Published Aug 10, 2005· Updated Apr 16, 2026

CVE-2005-2540

Description

CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request.

Affected products

Flatnuke/Flatnuke
cpe:2.3:a:flatnuke:flatnuke:2.5.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.rgod.altervista.org/flatnuke.htmlnvdExploit
marc.infonvd
secunia.com/advisories/16330nvd
www.osvdb.org/18554nvd
www.securityfocus.com/bid/14485nvd
exchange.xforce.ibmcloud.com/vulnerabilities/21709nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000