Nucleus CMS/Blog:CMS/PunBB Common.PHP Remote File Include Vulnerability

info
discussion
exploit
solution
references

Nucleus CMS/Blog:CMS/PunBB Common.PHP Remote File Include Vulnerability

Nucleus CMS, Blog:CMS, and PunBB are vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer.

Input passed to the 'common.php' script is not sufficiently sanitized.

All three applications are vulnerable because they have a similar or identical code base.