Vulnerabilities > Nukeai
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-04 | CVE-2006-6255 | Remote Code Execution vulnerability in Nukeai 0.0.3Beta Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request. | 7.5 |
2006-12-01 | CVE-2006-6202 | Remote Code Execution vulnerability in Nukeai Beta0.0.3 PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter. | 7.5 |