CVE-2006-3136

Опубликовано: 22 июн. 2006

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nucleus_group:nucleus_cms:3.0:*:*:*:*:*:*:*

cpe:2.3:a:nucleus_group:nucleus_cms:3.0_1:*:*:*:*:*:*:*

cpe:2.3:a:nucleus_group:nucleus_cms:3.0_rc:*:*:*:*:*:*:*

cpe:2.3:a:nucleus_group:nucleus_cms:3.1:*:*:*:*:*:*:*

cpe:2.3:a:nucleus_group:nucleus_cms:3.2:*:*:*:*:*:*:*

cpe:2.3:a:nucleus_group:nucleus_cms:3.21:*:*:*:*:*:*:*

cpe:2.3:a:nucleus_group:nucleus_cms:3.22:*:*:*:*:*:*:*

cpe:2.3:a:nucleus_group:nucleus_cms:3.23:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02095

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-76h5-j8hw-99ch

CVSS3: 9.8

github

почти 4 года назад

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used.

EPSS

Процентиль: 84%

0.02095

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94