vendor:
NukeHall
by:
cr4wl3r
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: NukeHall
Affected Version From: 0.3
Affected Version To: 0.3
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
NukeHall <= 0.3 Multiple Remote File Include Vulnerability
NukeHall version 0.3 is vulnerable to multiple Remote File Include vulnerabilities. The vulnerable files are blocks.php, messages.php and stories.php located in the admin/modules directory. An attacker can exploit these vulnerabilities by sending a malicious URL in the spaw_root parameter. This will allow the attacker to execute arbitrary code on the vulnerable server.
Mitigation:
Upgrade to the latest version of NukeHall.