Nucleus pluginadmin.php Arbitrary Command Execution

2004-07-13T05:33:18
ID OSVDB:8128
Type osvdb
Reporter OSVDB
Modified 2004-07-13T05:33:18

Description

Vulnerability Description

Nucleus contains a flaw that may allow a remote attacker to execute arbitrary commands. The 'pluginadmin.php' script does not properly validate user-supplied input, and exploitation may result in a loss of integrity.

Technical Description

The register_globals option must be enabled to exploit this vulnerability.

Solution Description

Upgrade to version 3.01 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://nucleuscms.org/
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Secunia Advisory ID: 12097
ISS X-Force ID: 16744