CVE-2006-2737

Nukedit <4.9.6 - RCE

Title source: llm

Description

utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by FarhadKey · htmlwebappsasp

https://www.exploit-db.com/exploits/1850

View Code ZIP pw:eip

References (8)

[Third Party Advisory] http://securityreason.com/securityalert/1013

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26951

[Exploit, Vendor Advisory] http://www.kapda.ir/advisory-337.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/435311/100/0/threaded

[Exploit] http://www.kapda.ir/attach-1661-nukedit.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/18157

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2052

[Vendor Advisory] http://secunia.com/advisories/20348

Scores

EPSS 0.0962

EPSS Percentile 92.9%

Details

Status published

Products (5)

nukedit/nukedit 4.9.0

nukedit/nukedit 4.9.1

nukedit/nukedit 4.9.2

nukedit/nukedit 4.9.3

nukedit/nukedit < 4.9.6

Published Jun 01, 2006

Tracked Since Feb 18, 2026