PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote malicious users to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
plume-cms plume cms 1.0.2 |