CVE-2010-2314

PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:edmondhui.homeip:np_twitter:0.8:*:*:*:*:*:*:*
cpe:2.3:a:edmondhui.homeip:np_twitter:0.9:*:*:*:*:*:*:*
cpe:2.3:a:nucleus_group:nucleus_cms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-06-17 16:30

Updated : 2024-02-04 17:54


NVD link : CVE-2010-2314

Mitre link : CVE-2010-2314

CVE.ORG link : CVE-2010-2314


JSON object : View

Products Affected

edmondhui.homeip

  • np_twitter

nucleus_group

  • nucleus_cms
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')