CVE-2006-2583 - PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier

CVE-2006-2583

Summary

PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.

References

Vulnerable Configurations

cpe:2.3:a:nucleus_group:nucleus_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:nucleus_group:nucleus_cms:*:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 18-10-2018 - 16:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

bid	18097
bugtraq	20060523 Nucleus CMS <= 3.22 arbitrary remote inclusion
confirm	http://forum.nucleuscms.org/viewtopic.php?t=12304 http://www.nucleuscms.org/item/3038
misc	http://retrogod.altervista.org/nucleus_322_incl_xpl.html
osvdb	25749
sectrack	1016146
secunia	20219
sreason	951
vupen	ADV-2006-1936
xf	nucleus-dirlibs-file-include(26606)

Last major update

18-10-2018 - 16:40

Published

25-05-2006 - 10:02

Last modified

18-10-2018 - 16:40