CVE-2010-5040

Name of the Vulnerable Software and Affected Versions Nucleus NP Gallery plugin version 0.94

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the DIR NUCLEUS parameter. This is a PHP remote file inclusion vulnerability in the NP Gallery plugin for Nucleus.

Recommendations For Nucleus NP Gallery plugin version 0.94, consider disabling the NP Gallery plugin until a patch is available to prevent exploitation. Restrict access to the NP gallery.php file to minimize the risk of arbitrary PHP code execution. Avoid using the DIR NUCLEUS parameter in the affected plugin until the issue is resolved.