Vulnerabilities > CVE-2006-2583 - Remote File Include vulnerability in Nucleus CMS GLOBALS[DIR_LIBS] Parameter

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

nucleus-group

nessus

exploit available

NVD

Published: 2006-05-25

Updated: 2018-10-18

Summary

PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.

Vulnerable Configurations

Part	Description	Count
Application	Nucleus_Group Nucleus Group Nucleus CMS *	1

Exploit-Db

description	Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit. CVE-2006-2583. Webapps exploit for php platform
id	EDB-ID:1816
last seen	2016-01-31
modified	2006-05-23
published	2006-05-23
reporter	rgod
source	https://www.exploit-db.com/download/1816/
title	Nucleus CMS <= 3.22 DIR_LIBS Arbitrary Remote Inclusion Exploit

Nessus

NASL family	CGI abuses
NASL id	NUCLEUS_DIR_LIBS_FILE_INCLUDE.NASL
description	The remote host is running Nucleus CMS, an open source content management system. The version of Nucleus CMS installed on the remote host fails to sanitize input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	21596
published	2006-05-25
reporter	This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21596
title	Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References