5 matches found
Directory traversal
Multiple directory traversal vulnerabilities in pluck 4.6.2, when registerglobals is enabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the langpref parameter to 1 data/modules/contactform/moduleinfo.php, 2 data/modules/blog/moduleinfo.php, and 3...
CVE-2009-1765
Pluck CMS 4.6.2 contains multiple directory traversal/LFI vulnerabilities. When register_globals is enabled, an attacker can cause PHP to include and execute local files via the langpref parameter to data/modules/contactform/module_info.php, data/modules/blog/module_info.php, or data/modules/albu...
Directory traversal
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ dot dot backslash in the 1 blogpost, 2 cat, and 3 file parameters to data/inc/themes/predefinedvariables.php, as reachable through index.php; an...
CVE-2008-3194
Multiple directory traversal vulnerabilities in data/inc/themes/predefinedvariables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 langpref, 2 file, 3 blogpost, or 4 cat parameter...
CVE-2008-3194
Pluck CMS 4.5.1 contains directory traversal vulnerabilities in data/inc/themes/predefined_variables.php that allow remote attackers to include and execute local files via a .. in the langpref, file, blogpost, or cat parameters. This is triggered by the affected file path handling and is related ...