Description
PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Havenard · textwebappsphp
https://www.exploit-db.com/exploits/22206
References (4)
Core 4
Core References
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1006031
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6731
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/7986
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11217
Scores
EPSS
0.0259
EPSS Percentile
85.8%
Details
CWE
CWE-94
Status
published
Products (6)
crossnuke/nukebrowser
2.1
crossnuke/nukebrowser
2.3
crossnuke/nukebrowser
2.5
crossnuke/nukebrowser
2.11
crossnuke/nukebrowser
2.20
crossnuke/nukebrowser
2.41
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026