Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0725

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-0725
Last Modified 10 Nov 2011 12:00:00
Published 16 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0725

Summary

PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645.

Vulnerable Systems

Application

  • Plume-cms Plume Cms 1.0.2


References

XF - plumecms-frontinc-prepend-file-include(27699)

XF - plumecms-prepend-file-include(24697)

VUPEN - ADV-2006-0599

BID - 16662

OSVDB - 23204

SECTRACK - 1015624

SECUNIA - 18883

CONFIRM - http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File


Last Updated: 27 May 2016 10:41:46