Vulnerabilities > CVE-2006-6255 - Remote Code Execution vulnerability in Nukeai 0.0.3Beta
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | PHP-Nuke NukeAI Module 3b (util.php) Remote File Include Exploit. CVE-2006-6202,CVE-2006-6255. Webapps exploit for php platform |
| file | exploits/php/webapps/2843.pl |
| id | EDB-ID:2843 |
| last seen | 2016-01-31 |
| modified | 2006-11-24 |
| platform | php |
| port | |
| published | 2006-11-24 |
| reporter | DeltahackingTEAM |
| source | https://www.exploit-db.com/download/2843/ |
| title | PHP-Nuke NukeAI Module 3b util.php Remote File Include Exploit |
| type | webapps |