3 matches found
CVE-2021-37770
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with...
Nucleus CMS Cross-Site Scripting Vulnerability
Nucleus CMS is an open source PHP-based blog management software package developed by the Nucleus team. A cross-site scripting vulnerability exists in Nucleus CMS version 3.65. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of the 'title'...
CVE-2010-5040
PHP remote file inclusion vulnerability in nucleus/plugins/NPgallery.php in the NPGallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIRNUCLEUS parameter. NOTE: some of these details are obtained from third party information...