Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation10 reference(s) from NVD