How can I help you? Start Chat

US Phone: 1-866-488-6691
International Phone: +44-2036087492

  • E-Mail
  • Facebook
  • LinkedIn
  • Twitter

Check Point Advisories

Update Protection against Plume CMS manager_path Code Execution Vulnerability

Check Point Reference: CPAI-2006-086
Date Published: 16 Jul 2006
Severity: Medium
Last Updated: 15 May 2007
Source: SecurityTracker Alert ID: 1016165
Industry Reference:CVE-2006-0725
Protection Provided by:
Who is Vulnerable? Plume CMS version 1.0.3
Vulnerability Description Plume CMS is a Content Management System in PHP on top of MySQL. Plume CMS contains a flaw that may allow an attacker with the ability to craft a URL to include and execute arbitrary code on the target system.
Update/Patch AvaliableCurrently there are no known patches available to correct this issue
Vulnerability DetailsThe 'manager/frontinc/prepend.php' script does not properly validate user-supplied input in the 'manager_path' parameter.

Protection Overview