CVE-2006-6255

2006-12-04T06:28:00
ID CVE-2006-6255
Type cve
Reporter NVD
Modified 2017-10-18T21:29:45

Description

Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request.