FlatNuke contains a flaw that may allow a malicious user to execute arbitrary PHP commands. The issue is due to insufficient input validation in the referer.php script. If an attacker first sends a specially crafted request with a spoofed Referer field to the website and then directly accesses the referer.php script, the website executes the PHP commands contained in the Referer field.
Remote / Network Access
Loss of Integrity
Upgrade to version 2.5.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
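For sites that cannot confirm when they were upgraded, the two-step sequence in the description can be looked for in web server access logs. The following is an added example, not code from FlatNuke or from this advisory; it assumes logs in the Apache/nginx combined format, and the sample lines, addresses and paths are constructed.

```python
import re
from urllib.parse import unquote

# Combined log format: ip - user [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?:[^"\\]|\\.)*"$'
)
# PHP open tags (<?, <?php, <?=) or a <script> tag have no place in a Referer header.
PHP_TAG = re.compile(r'<\?|<script\b', re.I)

def find_suspect_sequences(lines, target="/referer.php"):
    """Report Referer headers carrying PHP tags and later requests for referer.php."""
    tainted_by = set()   # clients that have sent a tag-bearing Referer so far
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        ip = m["ip"]
        # Drop the query string, then decode percent-encoding in the path.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if PHP_TAG.search(unquote(m["referer"])):
            tainted_by.add(ip)
            findings.append((n, ip, "php_tag_in_referer"))
        elif tainted_by and path.endswith(target):
            # Step two: referer.php requested after a tagged Referer was logged.
            kind = "same_client" if ip in tainted_by else "other_client"
            findings.append((n, ip, "referer_php_after_tag:" + kind))
    return findings

# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2000:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://example.test/" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2000:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "<?php echo 1; ?>" "curl/7.0"',
    '203.0.113.7 - - [01/Jan/2000:10:00:09 +0000] "GET /referer.php HTTP/1.1" 200 310 "-" "curl/7.0"',
    '198.51.100.4 - - [01/Jan/2000:10:02:00 +0000] "GET /forum/referer.php?x=1 HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_suspect_sequences(SAMPLE):
        print(finding)
```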