2 matches found
Remote file inclusion
PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the PXconfigmanagerpath parameter. NOTE: this is a different executable and affected version than CVE-2006-0725...
CVE-2006-0725
CVE-2006-0725 describes a PHP remote file inclusion in Plume CMS via the _PX_config[manager_path] parameter to prepend.php. The vulnerability is triggered when register_globals is enabled, allowing an attacker to cause arbitrary file inclusion by supplying a URL, potentially executing code on the...