QwikSec

Security Database

CVE

CWE

Training

CVE-2006-0725

Published: Feb 16, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

plumecms-prepend-file-include(24697)

vdb-entry

x_refsource_XF

plumecms-frontinc-prepend-file-include(27699)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_OSVDB

http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.