2 matches found
Immunity Canvas: PLUCK_LFI
Name| plucklfi ---|--- CVE| CVE-2009-1765 Exploit Pack| CANVAS Description| Pluck 4.6.2 Local File Include Notes| CVE Name: CVE-2009-1765 VENDOR: Pluck Repeatability: Infinite CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1765 References: 'http://www.milw0rm.com/exploits/8715' CVSS:...
CVE-2009-1765
Pluck CMS 4.6.2 contains multiple directory traversal/LFI vulnerabilities. When register_globals is enabled, an attacker can cause PHP to include and execute local files via the langpref parameter to data/modules/contactform/module_info.php, data/modules/blog/module_info.php, or data/modules/albu...