CVE-2006-3136 : Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote

Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used

Published 2006-06-22 22:06:00

Updated 2025-01-17 14:15:29

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2006-3136

Nucleus Group » Nucleus Cms » Version: 3.2
cpe:2.3:a:nucleus_group:nucleus_cms:3.2:*:*:*:*:*:*:*
Matching versions
Nucleus Group » Nucleus Cms » Version: 3.21
cpe:2.3:a:nucleus_group:nucleus_cms:3.21:*:*:*:*:*:*:*
Matching versions
Nucleus Group » Nucleus Cms » Version: 3.22
cpe:2.3:a:nucleus_group:nucleus_cms:3.22:*:*:*:*:*:*:*
Matching versions
Nucleus Group » Nucleus Cms » Version: 3.23
cpe:2.3:a:nucleus_group:nucleus_cms:3.23:*:*:*:*:*:*:*
Matching versions
Nucleus Group » Nucleus Cms » Version: 3.0 Rc
cpe:2.3:a:nucleus_group:nucleus_cms:3.0_rc:*:*:*:*:*:*:*
Matching versions
Nucleus Group » Nucleus Cms » Version: 3.1
cpe:2.3:a:nucleus_group:nucleus_cms:3.1:*:*:*:*:*:*:*
Matching versions
Nucleus Group » Nucleus Cms » Version: 3.0
cpe:2.3:a:nucleus_group:nucleus_cms:3.0:*:*:*:*:*:*:*
Matching versions
Nucleus Group » Nucleus Cms » Version: 3.0 1
cpe:2.3:a:nucleus_group:nucleus_cms:3.0_1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-3136

EPSS FAQ

3.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-3136

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-01-17
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2006-3136

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2006-3136

http://www.securityfocus.com/archive/1/437986/100/200/threaded
http://www.osvdb.org/27502

404 Not Found
http://securityreason.com/securityalert/1120

file include exploits in nucleus 3.23 - CXSecurity.com
http://www.vupen.com/english/advisories/2006/2408

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Vendor Advisory
http://www.securityfocus.com/bid/18475

Exploit
http://securitytracker.com/id?1016325

securitytracker.com
http://www.securityfocus.com/archive/1/437423/100/0/threaded

Jump to

Vulnerability Details : CVE-2006-3136

Products affected by CVE-2006-3136

Exploit prediction scoring system (EPSS) score for CVE-2006-3136

CVSS scores for CVE-2006-3136

CWE ids for CVE-2006-3136

References for CVE-2006-3136