VYPR
Unrated severity · NVD Advisory · Published Oct 26, 2005 · Updated Jun 16, 2026

CVE-2005-3307

Description

Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale parameter in a newtopic operation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

Root cause

Failure to properly sanitize user-supplied input in the `index.php` script allows directory traversal.

Attack vector

Remote attackers can exploit this vulnerability by sending crafted ".." sequences within the `user` parameter during a profile operation or the `quale` parameter during a newtopic operation. The application fails to validate these inputs, allowing an attacker to read arbitrary files on the server. The advisory notes that an attacker must be logged into the application to exploit these vulnerabilities [ref_id=2].

Affected code

The vulnerability exists in the `index.php` script of FlatNuke. Specifically, the `user` parameter in profile operations and the `quale` parameter in newtopic operations are susceptible to directory traversal attacks due to insufficient input validation [ref_id=1, ref_id=2].
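
The following added example, which is not part of the advisory or of FlatNuke's code, scans web server access logs for `index.php` requests whose `user` or `quale` parameter contains a `..` path segment, including URL-encoded and double-encoded forms. The combined log format, the treatment of `/` as a directory index for `index.php`, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the CVE-2005-3307 description.
WATCHED_PARAMS = {"user", "quale"}
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def has_traversal(value, max_decodes=3):
    """True if value holds a '..' path segment, also after repeated URL-decoding."""
    for _ in range(max_decodes):
        if ".." in re.split(r"[\\/]", value):
            return True
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return False

def flag_requests(log_lines):
    """Return (line_number, param, value) for suspicious index.php requests."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # Assumption: index.php may also be served as the directory index ("/").
        if not url.path.lower().endswith(("/index.php", "/")):
            continue
        # parse_qsl already URL-decodes each value once.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in WATCHED_PARAMS and has_traversal(value):
                hits.append((lineno, name, value))
    return hits

# Constructed sample log lines (other query parameters omitted).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /index.php?user=alice HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2006:10:00:05 +0000] "GET /index.php?user=..%2F..%2Fsample.txt HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2006:10:00:09 +0000] "GET /index.php?quale=..%252F..%252Fsample.txt HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2006:10:00:12 +0000] "GET /index.php?quale=general..news HTTP/1.1" 200 4300',
    '192.0.2.77 - - [01/Jan/2006:10:00:20 +0000] "GET /other.php?user=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Only query-string parameters appear in access logs; values sent in a POST body need request-body logging or a WAF rule to be inspected.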

What the fix does

The advisory does not provide specific details on the patch or how it addresses the vulnerability. However, it indicates that the issue stems from a failure in the application to properly sanitize user-supplied input [ref_id=2]. Remediation guidance suggests updating to a patched version, though specific patch details are not available in the provided references.

Preconditions

  • auth: The attacker must have an account and be logged into the application.

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5
