CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-6255

Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.033

EPSS Ranking 86.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/21284
https://exchange.xforce.ibmcloud.com/vulnerabilities/44729
https://www.exploit-db.com/exploits/2843
http://www.securityfocus.com/bid/21284
https://exchange.xforce.ibmcloud.com/vulnerabilities/44729
https://www.exploit-db.com/exploits/2843

Products affected by CVE-2006-6255

Nukeai » Nukeai » Version: 0.0.3_beta

cpe:2.3:a:nukeai:nukeai:0.0.3_beta

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-6255

Products

Pricing

Contact Us