CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Nukeai: >> Nukeai >> 0.0.3_beta Security Vulnerabilities

CVE-2006-6255

Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request.

CVSS Score

7.5

EPSS Score

0.033

Published

2006-12-04

Page 1

Vulnerabilities

Vulnerable Software

Nukeai: >> Nukeai >> 0.0.3_beta Security Vulnerabilities

Products

Pricing

Contact Us