Nucleus CMS < 3.15 Multiple Vulnerabilities

high Nessus Plugin ID 15788

Synopsis

The remote service is vulnerable to multiple flaws.

Description

The remote host is running Nucleus CMS, an open source content management system.

The remote version of this software is vulnerable to various flaws that may allow an attacker to perform a cross-site scripting attack using the remote host and to perform a SQL injection attack on the remote database.

Solution

Upgrade to Nucleus 3.15 or newer.

Plugin Details

Severity: High

ID: 15788

File Name: nucleus_multiple_vulns.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 11/23/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:nucleus_group:nucleus_cms

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 11631

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990