Family: CGI abuses --> Category: attack
Plume CMS <= 1.0.2 Remote File Inclusion Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Check if Plume CMS is vulnerable to a file inclusion flaw
Detailed Explanation for this Vulnerability Test
The remote host is running a PHP application that is prone
to local and remote file inclusion attacks.
The system is running Plume CMS a simple but powerful
content management system.
The version installed does not sanitize user input in the
'_PX_config[manager_path]' parameter in the 'prepend.php' file.
This allows a possible hacker to include arbitrary files and execute code
on the system.
This flaw is exploitable if PHP's register_globals is enabled.
See also :
Either sanitize the prepend.php
file as advised by the developer (see first URL) or
upgrade to Plume CMS version 1.0.3 or later
High / CVSS Base Score : 7.0
Click HERE for more information and discussions on this network vulnerability scan.