CVE-2006-6255 Information

Description

Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke aka Program E is an AIML chatterbot allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter which is saved to a filename under descriptions/ which is accessible via a direct request.

Reference

http://www.securityfocus.com/bid/21284 https://exchange.xforce.ibmcloud.com/vulnerabilities/44729 https://www.exploit-db.com/exploits/2843