Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3562

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3562
Last Modified 10 Nov 2011 12:00:00
Published 12 Jul 2006 09:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3562

Summary

PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725.

Vulnerable Systems

Application

  • Plume-cms Plume Cms 1.0.4


References

XF - plumecms-multiple-scripts-file-include(27530)

BID - 18780

BUGTRAQ - 20060702 plume-cms v1.0.4 Multiple Remote File include

SECTRACK - 1016426

SREASON - 1220


Last Updated: 27 May 2016 10:43:02