Path Disclosure and Denial of Service Vulnerability in FlatNuke 2.5.6 via MS-DOS Device Names in print.php

Path Disclosure and Denial of Service Vulnerability in FlatNuke 2.5.6 via MS-DOS Device Names in print.php

CVE-2005-2815 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:P

print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.

Learn more about our Web Application Penetration Testing UK.