CVE-2006-6255

Name of the Vulnerable Software and Affected Versions NukeAI version 0.0.3 Beta

Description A direct static code injection issue allows remote attackers to upload and execute arbitrary PHP code. This is achieved by sending a filename with a .php extension in the filename parameter and malicious code in the moreinfo parameter. The code is saved to a file under the descriptions/ directory, which can be accessed directly.

Recommendations For NukeAI version 0.0.3 Beta, consider restricting access to the util.php file and the descriptions/ directory to prevent exploitation. As a temporary workaround, avoid using the filename and moreinfo parameters in the affected module until a patch is available.