PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645.
References
Configurations
History
No history.
Information
Published : 2006-02-16 11:02
Updated : 2017-07-20 01:30
NVD link : CVE-2006-0725
Mitre link : CVE-2006-0725
CVE.ORG link : CVE-2006-0725
JSON object : View
Products Affected
plume-cms
- plume_cms
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')