Remote file inclusion

2007-08-0801:17:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.2%

JSON

PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request

CPENameOperatorVersion
pluckeq4.3

CPE	Name	Operator	Version
	pluck	eq	4.3

References

outlaw.aria-security.info/?p=12

securityreason.com/securityalert/2973

www.attrition.org/pipermail/vim/2007-August/001752.html

www.securityfocus.com/archive/1/475323/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/35756