833 B
833 B
CVE-2010-2850
Description
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.
POC
Reference
- http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-local-file-inclusion.html
- http://packetstormsecurity.org/1007-exploits/nubuilder-lfi.txt
Github
No PoCs found on GitHub currently.