PT-2006-1777 · Plume · Plume Cms
Publicado
2006-02-16
·
Atualizado
2017-07-20
·
CVE-2006-0725
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Plume CMS version 1.0.2
Description
The issue allows remote attackers to include arbitrary files via a URL in the
PX config[manager path] parameter when register globals is enabled.Recommendations
For Plume CMS version 1.0.2, consider disabling the
register globals setting to prevent exploitation. Additionally, restrict access to the prepend.php file to minimize the risk of including arbitrary files. Avoid using the PX config[manager path] parameter in the affected API endpoint until the issue is resolved.Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Plume Cms