Unrated severityNVD Advisory· Published Sep 26, 2007· Updated Apr 23, 2026

CVE-2007-5109

Description

Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.

Affected products

Flatnuke/Flatnuke
cpe:2.3:a:flatnuke:flatnuke:2.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26957nvd
securityreason.com/securityalert/3176nvd
www.securityfocus.com/archive/1/480468/100/0/threadednvd
www.securityfocus.com/bid/25817nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36763nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000