Published: 13/07/2006 Updated: 18/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 765

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote malicious users to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725.

Vulnerable Product	Search on Vulmon	Subscribe to Product
plume-cms plume cms 1.0.4

source: wwwsecurityfocuscom/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input A successful exploit of these issues allows the attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver pro ...

source: wwwsecurityfocuscom/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input A successful exploit of these issues allows the attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process ...

source: wwwsecurityfocuscom/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input A successful exploit of these issues allows the attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver proce ...

CWE-94 http://www.securityfocus.com/bid/18780 http://securitytracker.com/id?1016426 http://securityreason.com/securityalert/1220 https://exchange.xforce.ibmcloud.com/vulnerabilities/27530 http://www.securityfocus.com/archive/1/438948/100/100/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/28149/

CVE-2006-3562

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect