2 matches found
CVE-2006-7021
The CVE-2006-7021 entry concerns a PHP remote file inclusion in Plume CMS 1.1.3. Specifically, dbinstall.php under manager/tools/link accepts a URL via the _PX_config[manager_path] parameter, allowing an attacker to execute arbitrary PHP code remotely. Affected software: Plume CMS 1.1.3; vulnerab...
plumeCMS113.txt
The original article can be found at: http://www.hamid.ir/security/ http://www.IHSteam.com Vulnerable Systems: Plume CMS 1.1.3 Vulnerable Code : path/plume-1.1.3/plume/manager/tools/link/dbinstall.php //Vulnerable Code :line 39 requireonce $PXconfig'managerpath'.'/inc/class.checklist.php';...