Vulnerabilities > CVE-2006-2583 - Remote File Include vulnerability in Nucleus CMS GLOBALS[DIR_LIBS] Parameter
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit. CVE-2006-2583. Webapps exploit for php platform |
id | EDB-ID:1816 |
last seen | 2016-01-31 |
modified | 2006-05-23 |
published | 2006-05-23 |
reporter | rgod |
source | https://www.exploit-db.com/download/1816/ |
title | Nucleus CMS <= 3.22 DIR_LIBS Arbitrary Remote Inclusion Exploit |
Nessus
NASL family | CGI abuses |
NASL id | NUCLEUS_DIR_LIBS_FILE_INCLUDE.NASL |
description | The remote host is running Nucleus CMS, an open source content management system. The version of Nucleus CMS installed on the remote host fails to sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21596 |
published | 2006-05-25 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21596 |
title | Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion |
References
- http://forum.nucleuscms.org/viewtopic.php?t=12304
- http://retrogod.altervista.org/nucleus_322_incl_xpl.html
- http://secunia.com/advisories/20219
- http://securityreason.com/securityalert/951
- http://securitytracker.com/id?1016146
- http://www.nucleuscms.org/item/3038
- http://www.osvdb.org/25749
- http://www.securityfocus.com/archive/1/434837/100/0/threaded
- http://www.securityfocus.com/bid/18097
- http://www.vupen.com/english/advisories/2006/1936
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26606