CVE-2006-3136 Information

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php and to files in path/nucleus including (2) media.php (3) /xmlrpc/server.php and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties who state that the DIR_LIBS parameter is defined in an include file before being used.

Reference

http://securityreason.com/securityalert/1120 http://securitytracker.com/id?1016325 http://www.osvdb.org/27502 http://www.securityfocus.com/archive/1/437423/100/0/threaded http://www.securityfocus.com/archive/1/437986/100/200/threaded http://www.securityfocus.com/bid/18475 http://www.vupen.com/english/advisories/2006/2408