CVE-2003-1436

Nukebrowser 2.1-2.5 - Remote Code Execution via filhead Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1436. PoCs published by Havenard.

AI-analyzed exploit summary This exploit demonstrates a file inclusion vulnerability in Nukebrowser's nukebrowser.php script, allowing remote attackers to include arbitrary files from external servers via manipulated URI parameters. The PoC shows how an attacker can execute commands by pointing to a remote cmd.txt file.

Description

PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Havenard · textwebappsphp
https://www.exploit-db.com/exploits/22206

This exploit demonstrates a file inclusion vulnerability in Nukebrowser's nukebrowser.php script, allowing remote attackers to include arbitrary files from external servers via manipulated URI parameters. The PoC shows how an attacker can execute commands by pointing to a remote cmd.txt file.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Nukebrowser (version not specified)
No auth needed
Prerequisites: Access to the vulnerable nukebrowser.php script · Ability to host a malicious cmd.txt file on an external server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1006031
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6731
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7986
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11217

Scores

EPSS 0.0207
EPSS Percentile 79.1%

Details

CWE
CWE-94
Status published
Products (6)
crossnuke/nukebrowser 2.1
crossnuke/nukebrowser 2.3
crossnuke/nukebrowser 2.5
crossnuke/nukebrowser 2.11
crossnuke/nukebrowser 2.20
crossnuke/nukebrowser 2.41
Published Dec 31, 2003
Tracked Since Feb 18, 2026