[Original text] FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.
FlatNuke foot_news.php Direct Request CPU Consumption DoS
Remote / Network Access
Denial of Service
Loss of Availability
FlatNuke contains a flaw that may allow a remote denial of service. The issue is due to an unspecified error in the "foot_news.php" script that causes high CPU resource consumption when the script is called directly.
Upgrade to version 2.5.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.