RCE in Edmondhui.homeip Np_twitter
CVE-2010-2314
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGIN…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.047 (90.7th percentile) — read the EPSS interpretation.
Affected products
- Edmondhui.homeip Np_twitter — versions 0.9, 0.8
- Nucleus_group Nucleus_cms
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (Exploit, vdb-entry, x_refsource_BID)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- cve@mitre.org (x_refsource_OSVDB, Exploit, vdb-entry)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- cve@mitre.org (Exploit, x_refsource_MISC)