print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Flatnuke | Flatnuke | 2.5.6 (including) | 2.5.6 (including) |