Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.
Max CVSS
7.2
EPSS Score
0.13%
Published
2022-06-30
Updated
2022-07-09
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
Max CVSS
6.5
EPSS Score
0.05%
Published
2018-12-10
Updated
2019-10-03
Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.
Max CVSS
4.3
EPSS Score
0.17%
Published
2015-07-08
Updated
2019-02-26
Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files.
Max CVSS
5.0
EPSS Score
0.31%
Published
2011-09-24
Updated
2017-08-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!