Unrated severityNVD Advisory· Published Dec 21, 2005· Updated Apr 16, 2026

CVE-2005-4449

Description

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.

Affected products

Flatnuke/Flatnuke
cpe:2.3:a:flatnuke:flatnuke:2.5.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/idnvdExploit
www.securityfocus.com/archive/1/419107nvdExploit
cvs.sourceforge.net/viewcvs.py/flatnuke/flatnuke/Changelognvd
securityreason.com/securityalert/248nvd
exchange.xforce.ibmcloud.com/vulnerabilities/22159nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000