Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2583

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2583
Last Modified 07 Mar 2011 09:36:32
Published 25 May 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2583

Summary

PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.

Vulnerable Systems

Application

  • Nucleus Group Nucleus Cms 3.22


References

SECUNIA - 20219

VUPEN - ADV-2006-1936

BUGTRAQ - 20060523 Nucleus CMS <= 3.22 arbitrary remote inclusion

CONFIRM - http://www.nucleuscms.org/item/3038

MISC - http://retrogod.altervista.org/nucleus_322_incl_xpl.html

CONFIRM - http://forum.nucleuscms.org/viewtopic.php?t=12304

XF - nucleus-dirlibs-file-include(26606)

BID - 18097

OSVDB - 25749

SECTRACK - 1016146

SREASON - 951


Last Updated: 27 May 2016 10:42:40