7.5
CVSSv2

CVE-2006-3136

Published: 22/06/2006 Updated: 14/05/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote malicious users to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used

Vulnerable Product Search on Vulmon Subscribe to Product

nucleus group nucleus cms 3.0

nucleus group nucleus cms 3.23

nucleus group nucleus cms 3.0_rc

nucleus group nucleus cms 3.1

nucleus group nucleus cms 3.21

nucleus group nucleus cms 3.22

nucleus group nucleus cms 3.0_1

nucleus group nucleus cms 3.2