Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-3136

EPSS 2.10% · P84
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-3136

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nucleus CMS 多个远程文件包含漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
**有争议** Nucleus 3.23存在多个PHP远程文件包含漏洞。远程攻击者可以借助(1) path/action.php中, 以及对包括 (2) media.php, (3) /xmlrpc/server.php和(4) /xmlrpc/api_metaweblog.inc.php的path/nucleus中的文件的DIR_LIBS参数中的URL,执行任意PHP代码。 注:此漏洞类似于CVE-2006-2583。注:第三方对此提出反驳,声称DIR_LIBS 参数在被使用前已在include文件中定
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-3136

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-3136

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-06-22 · 37 CVEs total

CVE-2006-3164TPL Design TplShop Category.PHP SQL注入漏洞
CVE-2006-3156Ultimate eShop Index.CGI 跨站脚本攻击漏洞
CVE-2006-3157Thinkfactory UltimateGoogle Index.PHP 跨站脚本漏洞
CVE-2006-3158Eduha Meeting Index.PHP 任意文件上载漏洞
CVE-2006-3159Sun iPlanet/Java Messaging Server pipe_master 访问验证漏洞
CVE-2006-3160Simple File Manager FM.php 跨站脚本攻击漏洞
CVE-2006-3161SaphpLesson misc.php SQL注入漏洞
CVE-2006-3162DreamAccount index.php 远程文件包含漏洞
CVE-2006-3163IMGallery Galeria.PHP 多个SQL注入漏洞
CVE-2006-3155Ultimate Auction 多个跨站脚本攻击(XSS) 漏洞
CVE-2006-3165Free Realty Propview.PHP SQL注入漏洞
CVE-2006-3166Free Realty propview.php 跨站脚本攻击(XSS)漏洞
CVE-2006-3167Free Realty 未明信息泄露漏洞
CVE-2006-3129NC Linklist Index.PHP 多个跨站脚本攻击漏洞
CVE-2006-3130Clubpage index.asp SQL注入漏洞
CVE-2006-3131Clubpage 多个跨站脚本攻击(XSS)漏洞
CVE-2006-3132QTOFileManager qtofm.php4 跨站脚本攻击(XSS)漏洞
CVE-2006-3014Microsoft Office 嵌入Shockwave Flash对象 安全限制绕过漏洞
CVE-2006-3146Toshiba蓝牙协议栈 TOSRFBD.SYS 远程拒绝服务漏洞
CVE-2006-3138PHPMyDirectory 多个跨站脚本攻击漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-3136

No comments yet

Leave a comment