CVE-2006-6255

2006-12-04T11:28:00
ID CVE-2006-6255
Type cve
Reporter cve@mitre.org
Modified 2017-10-19T01:29:00

Description

Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request.