← back
CVE-2006-6255

CVE-2006-6255

EPSS 2.2%
Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/2843unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/44729https://www.exploit-db.com/exploits/2843http://www.securityfocus.com/bid/21284