CVE-2008-7067

Pagetreecms Page Tree Cms - Code Injection

Title source: rule

Description

PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NoGe · textwebappsphp

https://www.exploit-db.com/exploits/7255

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/32510

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46922

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7255

Scores

EPSS 0.0210

EPSS Percentile 83.8%

Classification

CWE

CWE-94

Status draft

Affected Products (1)

pagetreecms/page_tree_cms

Timeline

Published Aug 25, 2009

Tracked Since Feb 18, 2026