NuclearBB.Root.Path.Parameter.File.Inclusion
Description
NuclearBB Alpha has a remote file inclusion vulnerability. When "register_globals" is enabled a remote attacker can execute arbitrary script code on the web server, with the privileges of the server, via a specially crafted URL request to 'tasks/send_queued_emails.php' with the "root_path" parameter set to specify a malicious PHP file from a remote system.
Affected Products
NuclearBB Alpha 2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |