PT-2011-1975 · Nucleus · Np Gallery+1

Antisecurity

Published

2011-11-02

Updated

2011-11-16

CVE-2010-5040

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Nucleus NP Gallery plugin version 0.94

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the DIR NUCLEUS parameter. This is a PHP remote file inclusion vulnerability in the NP Gallery plugin for Nucleus.

Recommendations For Nucleus NP Gallery plugin version 0.94, consider disabling the NP Gallery plugin until a patch is available to prevent exploitation. Restrict access to the NP gallery.php file to minimize the risk of arbitrary PHP code execution. Avoid using the DIR NUCLEUS parameter in the affected plugin until the issue is resolved.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2010-5040

Affected Products

Np Gallery

Nucleus

PT-2011-1975 · Nucleus · Np Gallery+1

CVE-2010-5040

Weakness Enumeration

Related Identifiers

Affected Products

References · 7