Title : OpenPHPNuke "root_path" Variable Handling Remote File Inclusion Vulnerability VUPEN ID : VUPEN/ADV-2006-1575 CVE ID : CVE-2006-2137
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-05-01
Technical Description
A vulnerability has been identified in OpenPHPNuke, which may be exploited by attackers to execute arbitrary commands. This flaw is due to an input validation error in the "master.php" script that does not validate the "root_path" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
