Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

Plume CMS <= 1.0.2 Remote File Inclusion Vulnerability

Severity

Medium

Family

Web application abuses

CVSSv2 Base

6.8

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

18 years ago

Modified

5 years ago

The remote host is running a PHP application that is prone to local and remote file inclusion attacks. Description : The system is running Plume CMS a simple but powerful content management system. The version installed does not sanitize user input in the '_PX_config[manager_path]' parameter in the 'prepend.php' file. This allows an attacker to include arbitrary files and execute code on the system. This flaw is exploitable if PHP's register_globals is enabled.

Solution

Either sanitize the prepend.php file as advised by the developer (see first URL) or upgrade to Plume CMS version 1.0.3 or later

Common Vulnerabilities and Exposures (CVE)

CVE-2006-0725

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

Plume CMS <= 1.0.2 Remote File Inclusion Vulnerability

Severity

Family

CVSSv2 Base

CVSSv2 Vector

Solution Type

Created

Modified

Share

Solution

Common Vulnerabilities and Exposures (CVE)

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

Plume CMS <= 1.0.2 Remote File Inclusion Vulnerability

Information

Severity

Severity

Family

Family

CVSSv2 Base

CVSSv2 Base

CVSSv2 Vector

CVSSv2 Vector

Solution Type

Solution Type

Created

Created

Modified

Modified

Share

Summary

Solution

Solution

Common Vulnerabilities and Exposures (CVE)

References