QwikSec

Security Database

CVE

CWE

Training

CVE-2010-2314

Published: Jun 17, 2010

Modified: Sep 16, 2024

PUBLISHED

Description

PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.exploit-db.com/exploits/12790/

x_refsource_MISC

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

http://packetstormsecurity.org/1005-exploits/nucleustwitter-rfi.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.