CVE-2010-2314

Name of the Vulnerable Software and Affected Versions Nucleus NP Twitter Plugin versions 0.8 through 0.9

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the DIR PLUGINS parameter when register globals is enabled.

Recommendations For Nucleus NP Twitter Plugin versions 0.8 through 0.9, consider disabling the NP Twitter plugin until a patch is available. Restrict access to the nucleus/plugins/NP Twitter.php file to minimize the risk of exploitation. Avoid using the DIR PLUGINS parameter in affected configurations until the issue is resolved.