Check Point Advisories

Update Protection against Plume CMS manager_path Code Execution Vulnerability

Check Point Reference: CPAI-2006-086
Date Published: 16 Jul 2006
Severity: Medium
Last Updated: 15 May 2007
Source: SecurityTracker Alert ID: 1016165
Industry Reference:CVE-2006-0725
Protection Provided by:
Who is Vulnerable? Plume CMS version 1.0.3
Vulnerability Description Plume CMS is a Content Management System in PHP on top of MySQL. Plume CMS contains a flaw that may allow an attacker with the ability to craft a URL to include and execute arbitrary code on the target system.
Update/Patch AvaliableCurrently there are no known patches available to correct this issue
Vulnerability DetailsThe 'manager/frontinc/prepend.php' script does not properly validate user-supplied input in the 'manager_path' parameter.

Protection Overview

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO