CVE-2010-5040 in Np Gallery Plugin
Summary
by MITRE
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 10/17/2025
The CVE-2010-5040 vulnerability represents a critical remote file inclusion flaw in the NP_Gallery plugin version 0.94 for the Nucleus CMS platform. This vulnerability resides within the nucleus/plugins/NP_gallery.php file and demonstrates a classic path traversal and code execution weakness that has been prevalent in web application security for decades. The flaw specifically manifests when the application fails to properly validate or sanitize user-supplied input parameters, creating an avenue for malicious actors to inject arbitrary PHP code through the DIR_NUCLEUS parameter. This type of vulnerability falls under the CWE-94 category of "Improper Control of Generation of Code" and more specifically aligns with CWE-434 which addresses "Unrestricted Upload of File with Dangerous Type," though the primary classification here is code injection through parameter manipulation.
The technical exploitation of this vulnerability occurs when an attacker can manipulate the DIR_NUCLEUS parameter to point to a remote malicious PHP script hosted on an external server. When the vulnerable Nucleus CMS processes this parameter, it treats the remote URL as a local file path and attempts to include or execute the contents, thereby allowing the attacker to run arbitrary code on the target server with the privileges of the web application. This represents a severe privilege escalation scenario where the attacker can potentially gain full control over the web server, access sensitive data, or establish persistent backdoors. The vulnerability's impact is amplified by the fact that it requires no authentication to exploit, making it particularly dangerous in environments where the CMS is publicly accessible.
From an operational standpoint, this vulnerability creates a significant risk for organizations using Nucleus CMS with the affected NP_Gallery plugin, as it allows for complete server compromise without requiring any prior access credentials. The attack vector is straightforward and well-documented, making it a common target for automated exploitation tools and malicious actors. The vulnerability affects systems where the PHP configuration allows remote file inclusion or where the web server is configured to accept external file references. Security professionals should note that this vulnerability aligns with ATT&CK technique T1190 "Exploit Public-Facing Application" and may also map to T1059.007 "Command and Scripting Interpreter: PowerShell" if attackers use PowerShell scripts to establish persistence or conduct further exploitation after initial compromise. Organizations using vulnerable versions of Nucleus CMS should immediately implement mitigations including plugin updates, input validation, and restrictive file inclusion policies.
The remediation approach for this vulnerability primarily involves updating to a patched version of the NP_Gallery plugin or upgrading to a newer version of the Nucleus CMS platform that addresses this specific flaw. Additionally, administrators should implement strict input validation measures, disable remote file inclusion in PHP configurations, and employ web application firewalls to monitor for suspicious parameter values. Security hardening practices such as restricting file upload capabilities and implementing proper access controls around plugin directories can further reduce the attack surface. The vulnerability also underscores the importance of regular security audits and vulnerability assessments, particularly for legacy web applications that may contain outdated components with known security flaws. Organizations should conduct comprehensive vulnerability scanning to identify other potential remote file inclusion vulnerabilities in their web applications and ensure proper patch management processes are in place to address such issues promptly.