CVE-2006-3136

Name of the Vulnerable Software and Affected Versions Nucleus version 3.23

Description The issue allows remote attackers to execute arbitrary PHP code via a URL using the DIR LIBS parameter in various files, including path/action.php, media.php, /xmlrpc/server.php, and /xmlrpc/api metaweblog.inc.php.

Recommendations For Nucleus version 3.23, consider restricting access to the DIR LIBS parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the DIR LIBS parameter in the affected API endpoints until the issue is resolved.