Description
PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Hamid Ebadi · text · webapps · php
https://www.exploit-db.com/exploits/1970
References (5)
Core References
Exploit x_refsource_misc
http://www.hamid.ir/security/plume.txt
Exploit x_refsource_misc
http://www.securiteam.com/unixfocus/5KP031FJ5A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27535
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18750
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1016415
Scores
EPSS
0.0419
EPSS Percentile
88.8%
Details
CWE
CWE-94
Status
published
Products (1)
plume-cms/plume_cms
1.1.3
Published
Feb 15, 2007
Tracked Since
Feb 18, 2026