Unrated severityNVD Advisory· Published Nov 1, 2007· Updated Apr 23, 2026

CVE-2007-5772

Description

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue.

Affected products

Flatnuke3/Flatnuke3
cpe:2.3:a:flatnuke3:flatnuke3:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/43636nvd
www.securityfocus.com/archive/1/482774/100/0/threadednvd
www.exploit-db.com/exploits/4562nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000