Vulnerability Description
Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nukeai | Nukeai | 0.0.3_beta |
References
- http://www.securityfocus.com/bid/21284Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44729
- https://www.exploit-db.com/exploits/2843
- http://www.securityfocus.com/bid/21284Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44729
- https://www.exploit-db.com/exploits/2843
FAQ
What is CVE-2006-6255?
CVE-2006-6255 is a vulnerability with a CVSS score of 7.5 (HIGH). Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP co...
How severe is CVE-2006-6255?
CVE-2006-6255 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6255?
Check the references section above for vendor advisories and patch information. Affected products include: Nukeai Nukeai.