Search criteria

10 vulnerabilities by plume-cms

CVE-2012-1414 (GCVE-0-2012-1414)

Vulnerability from cvelistv5 – Published: 2012-10-07 21:00 – Updated: 2024-08-06 18:53
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:53:37.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "plumecms-news-csrf(73317)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73317"
          },
          {
            "name": "18502",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18502"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "plumecms-news-csrf(73317)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73317"
        },
        {
          "name": "18502",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18502"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1414",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "plumecms-news-csrf(73317)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73317"
            },
            {
              "name": "18502",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18502"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-1414",
    "datePublished": "2012-10-07T21:00:00",
    "dateReserved": "2012-02-28T00:00:00",
    "dateUpdated": "2024-08-06T18:53:37.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2156 (GCVE-0-2012-2156)

Vulnerability from cvelistv5 – Published: 2012-04-11 10:00 – Updated: 2024-08-06 19:26
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:07.776Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.webapp-security.com/2012/04/plumecms"
          },
          {
            "name": "80960",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80960"
          },
          {
            "name": "plumecms-users-xss(74614)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74614"
          },
          {
            "name": "52890",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52890"
          },
          {
            "name": "18699",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18699"
          },
          {
            "name": "80961",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80961"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.webapp-security.com/wp-content/uploads/2012/04/PlumeCMS-1.2.4-Multiple-Permanent-XSS.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-19T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.webapp-security.com/2012/04/plumecms"
        },
        {
          "name": "80960",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80960"
        },
        {
          "name": "plumecms-users-xss(74614)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74614"
        },
        {
          "name": "52890",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52890"
        },
        {
          "name": "18699",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18699"
        },
        {
          "name": "80961",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80961"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.webapp-security.com/wp-content/uploads/2012/04/PlumeCMS-1.2.4-Multiple-Permanent-XSS.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2156",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.webapp-security.com/2012/04/plumecms",
              "refsource": "MISC",
              "url": "http://www.webapp-security.com/2012/04/plumecms"
            },
            {
              "name": "80960",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80960"
            },
            {
              "name": "plumecms-users-xss(74614)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74614"
            },
            {
              "name": "52890",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52890"
            },
            {
              "name": "18699",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18699"
            },
            {
              "name": "80961",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80961"
            },
            {
              "name": "http://www.webapp-security.com/wp-content/uploads/2012/04/PlumeCMS-1.2.4-Multiple-Permanent-XSS.txt",
              "refsource": "MISC",
              "url": "http://www.webapp-security.com/wp-content/uploads/2012/04/PlumeCMS-1.2.4-Multiple-Permanent-XSS.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2156",
    "datePublished": "2012-04-11T10:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:07.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3985 (GCVE-0-2011-3985)

Vulnerability from cvelistv5 – Published: 2011-11-09 23:00 – Updated: 2024-09-16 16:48
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000083 third-party-advisoryx_refsource_JVNDB
http://jvn.jp/en/jp/JVN08307791/index.html third-party-advisoryx_refsource_JVN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2011-000083",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000083"
          },
          {
            "name": "JVN#08307791",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN08307791/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-11-09T23:00:00Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVNDB-2011-000083",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000083"
        },
        {
          "name": "JVN#08307791",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN08307791/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2011-3985",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2011-000083",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000083"
            },
            {
              "name": "JVN#08307791",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN08307791/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2011-3985",
    "datePublished": "2011-11-09T23:00:00Z",
    "dateReserved": "2011-10-05T00:00:00Z",
    "dateUpdated": "2024-09-16T16:48:25.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3418 (GCVE-0-2009-3418)

Vulnerability from cvelistv5 – Published: 2009-09-25 22:00 – Updated: 2024-09-16 19:30
VLAI?
Summary
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.senseofsecurity.com.au/advisories/SOS-… x_refsource_MISC
http://secunia.com/advisories/36277 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:22:24.568Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.senseofsecurity.com.au/advisories/SOS-09-006.pdf"
          },
          {
            "name": "36277",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36277"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-09-25T22:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.senseofsecurity.com.au/advisories/SOS-09-006.pdf"
        },
        {
          "name": "36277",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36277"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3418",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.senseofsecurity.com.au/advisories/SOS-09-006.pdf",
              "refsource": "MISC",
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-09-006.pdf"
            },
            {
              "name": "36277",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36277"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3418",
    "datePublished": "2009-09-25T22:00:00Z",
    "dateReserved": "2009-09-25T00:00:00Z",
    "dateUpdated": "2024-09-16T19:30:05.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1048 (GCVE-0-2008-1048)

Vulnerability from cvelistv5 – Published: 2008-02-27 19:00 – Updated: 2024-08-07 08:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:56.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "plume-xmedia-xss(40841)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40841"
          },
          {
            "name": "1019507",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019507"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html"
          },
          {
            "name": "29116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29116"
          },
          {
            "name": "27999",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27999"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "plume-xmedia-xss(40841)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40841"
        },
        {
          "name": "1019507",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019507"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html"
        },
        {
          "name": "29116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29116"
        },
        {
          "name": "27999",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27999"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "plume-xmedia-xss(40841)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40841"
            },
            {
              "name": "1019507",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019507"
            },
            {
              "name": "http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html",
              "refsource": "MISC",
              "url": "http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html"
            },
            {
              "name": "29116",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29116"
            },
            {
              "name": "27999",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27999"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1048",
    "datePublished": "2008-02-27T19:00:00",
    "dateReserved": "2008-02-27T00:00:00",
    "dateUpdated": "2024-08-07T08:08:56.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-7021 (GCVE-0-2006-7021)

Vulnerability from cvelistv5 – Published: 2007-02-15 02:00 – Updated: 2024-08-07 20:50
VLAI?
Summary
PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:50:05.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hamid.ir/security/plume.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securiteam.com/unixfocus/5KP031FJ5A.html"
          },
          {
            "name": "plumecms-dbinstall-file-include(27535)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27535"
          },
          {
            "name": "18750",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18750"
          },
          {
            "name": "1016415",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1016415"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hamid.ir/security/plume.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securiteam.com/unixfocus/5KP031FJ5A.html"
        },
        {
          "name": "plumecms-dbinstall-file-include(27535)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27535"
        },
        {
          "name": "18750",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18750"
        },
        {
          "name": "1016415",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1016415"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-7021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hamid.ir/security/plume.txt",
              "refsource": "MISC",
              "url": "http://www.hamid.ir/security/plume.txt"
            },
            {
              "name": "http://www.securiteam.com/unixfocus/5KP031FJ5A.html",
              "refsource": "MISC",
              "url": "http://www.securiteam.com/unixfocus/5KP031FJ5A.html"
            },
            {
              "name": "plumecms-dbinstall-file-include(27535)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27535"
            },
            {
              "name": "18750",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18750"
            },
            {
              "name": "1016415",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1016415"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-7021",
    "datePublished": "2007-02-15T02:00:00",
    "dateReserved": "2007-02-14T00:00:00",
    "dateUpdated": "2024-08-07T20:50:05.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4533 (GCVE-0-2006-4533)

Vulnerability from cvelistv5 – Published: 2006-09-01 23:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6) subtypes.php, (7) users.php, (8) xmedia.php, (9) frontinc/class.template.php, (10) inc/lib.text.php, (11) install/index.php, (12) install/upgrade.php, and (13) tools/htaccess/index.php. NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.osvdb.org/31179 vdb-entryx_refsource_OSVDB
http://www.osvdb.org/31172 vdb-entryx_refsource_OSVDB
http://www.osvdb.org/31177 vdb-entryx_refsource_OSVDB
http://www.osvdb.org/31180 vdb-entryx_refsource_OSVDB
http://www.osvdb.org/31171 vdb-entryx_refsource_OSVDB
http://www.osvdb.org/31183 vdb-entryx_refsource_OSVDB
http://www.osvdb.org/31175 vdb-entryx_refsource_OSVDB
http://www.osvdb.org/31181 vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/19629 vdb-entryx_refsource_BID
http://www.osvdb.org/31176 vdb-entryx_refsource_OSVDB
http://www.osvdb.org/31178 vdb-entryx_refsource_OSVDB
http://www.osvdb.org/31174 vdb-entryx_refsource_OSVDB
http://packetstormsecurity.org/0608-exploits/plum… x_refsource_MISC
http://www.osvdb.org/31173 vdb-entryx_refsource_OSVDB
http://www.osvdb.org/31182 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:14:47.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31179",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31179"
          },
          {
            "name": "31172",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31172"
          },
          {
            "name": "31177",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31177"
          },
          {
            "name": "31180",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31180"
          },
          {
            "name": "31171",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31171"
          },
          {
            "name": "31183",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31183"
          },
          {
            "name": "31175",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31175"
          },
          {
            "name": "31181",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31181"
          },
          {
            "name": "19629",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19629"
          },
          {
            "name": "31176",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31176"
          },
          {
            "name": "31178",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31178"
          },
          {
            "name": "31174",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31174"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/0608-exploits/plume-1.0.6.txt"
          },
          {
            "name": "31173",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31173"
          },
          {
            "name": "31182",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/31182"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6) subtypes.php, (7) users.php, (8) xmedia.php, (9) frontinc/class.template.php, (10) inc/lib.text.php, (11) install/index.php, (12) install/upgrade.php, and (13) tools/htaccess/index.php.  NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-01-12T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31179",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31179"
        },
        {
          "name": "31172",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31172"
        },
        {
          "name": "31177",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31177"
        },
        {
          "name": "31180",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31180"
        },
        {
          "name": "31171",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31171"
        },
        {
          "name": "31183",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31183"
        },
        {
          "name": "31175",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31175"
        },
        {
          "name": "31181",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31181"
        },
        {
          "name": "19629",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19629"
        },
        {
          "name": "31176",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31176"
        },
        {
          "name": "31178",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31178"
        },
        {
          "name": "31174",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31174"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/0608-exploits/plume-1.0.6.txt"
        },
        {
          "name": "31173",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31173"
        },
        {
          "name": "31182",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/31182"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6) subtypes.php, (7) users.php, (8) xmedia.php, (9) frontinc/class.template.php, (10) inc/lib.text.php, (11) install/index.php, (12) install/upgrade.php, and (13) tools/htaccess/index.php.  NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31179",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31179"
            },
            {
              "name": "31172",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31172"
            },
            {
              "name": "31177",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31177"
            },
            {
              "name": "31180",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31180"
            },
            {
              "name": "31171",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31171"
            },
            {
              "name": "31183",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31183"
            },
            {
              "name": "31175",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31175"
            },
            {
              "name": "31181",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31181"
            },
            {
              "name": "19629",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19629"
            },
            {
              "name": "31176",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31176"
            },
            {
              "name": "31178",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31178"
            },
            {
              "name": "31174",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31174"
            },
            {
              "name": "http://packetstormsecurity.org/0608-exploits/plume-1.0.6.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/0608-exploits/plume-1.0.6.txt"
            },
            {
              "name": "31173",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31173"
            },
            {
              "name": "31182",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/31182"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4533",
    "datePublished": "2006-09-01T23:00:00",
    "dateReserved": "2006-09-01T00:00:00",
    "dateUpdated": "2024-08-07T19:14:47.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-3562 (GCVE-0-2006-3562)

Vulnerability from cvelistv5 – Published: 2006-07-13 01:00 – Updated: 2024-08-07 18:30
VLAI?
Summary
PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/18780 vdb-entryx_refsource_BID
http://www.securityfocus.com/archive/1/438948/100… mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://securityreason.com/securityalert/1220 third-party-advisoryx_refsource_SREASON
http://securitytracker.com/id?1016426 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:34.433Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18780",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18780"
          },
          {
            "name": "20060702 plume-cms v1.0.4 Multiple Remote File include",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438948/100/100/threaded"
          },
          {
            "name": "plumecms-multiple-scripts-file-include(27530)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27530"
          },
          {
            "name": "1220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1220"
          },
          {
            "name": "1016426",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016426"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "18780",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18780"
        },
        {
          "name": "20060702 plume-cms v1.0.4 Multiple Remote File include",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/438948/100/100/threaded"
        },
        {
          "name": "plumecms-multiple-scripts-file-include(27530)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27530"
        },
        {
          "name": "1220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1220"
        },
        {
          "name": "1016426",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016426"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3562",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18780",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18780"
            },
            {
              "name": "20060702 plume-cms v1.0.4 Multiple Remote File include",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/438948/100/100/threaded"
            },
            {
              "name": "plumecms-multiple-scripts-file-include(27530)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27530"
            },
            {
              "name": "1220",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1220"
            },
            {
              "name": "1016426",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016426"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3562",
    "datePublished": "2006-07-13T01:00:00",
    "dateReserved": "2006-07-12T00:00:00",
    "dateUpdated": "2024-08-07T18:30:34.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2645 (GCVE-0-2006-2645)

Vulnerability from cvelistv5 – Published: 2006-05-30 10:00 – Updated: 2024-08-07 17:58
VLAI?
Summary
PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/20310 third-party-advisoryx_refsource_SECUNIA
http://securityreason.com/securityalert/975 third-party-advisoryx_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/435130/100… mailing-listx_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2006/2014 vdb-entryx_refsource_VUPEN
http://securitytracker.com/id?1016165 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:58:51.866Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20310",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20310"
          },
          {
            "name": "975",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/975"
          },
          {
            "name": "plumecms-prepend-file-include(24697)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697"
          },
          {
            "name": "plumecms-frontinc-prepend-file-include(27699)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699"
          },
          {
            "name": "20060526 Plume CMS Remote File Include",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/435130/100/0/threaded"
          },
          {
            "name": "ADV-2006-2014",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2014"
          },
          {
            "name": "1016165",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016165"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter.  NOTE: this is a different executable and affected version than CVE-2006-0725."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20310",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20310"
        },
        {
          "name": "975",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/975"
        },
        {
          "name": "plumecms-prepend-file-include(24697)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697"
        },
        {
          "name": "plumecms-frontinc-prepend-file-include(27699)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699"
        },
        {
          "name": "20060526 Plume CMS Remote File Include",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/435130/100/0/threaded"
        },
        {
          "name": "ADV-2006-2014",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2014"
        },
        {
          "name": "1016165",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016165"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2645",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter.  NOTE: this is a different executable and affected version than CVE-2006-0725."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20310",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20310"
            },
            {
              "name": "975",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/975"
            },
            {
              "name": "plumecms-prepend-file-include(24697)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697"
            },
            {
              "name": "plumecms-frontinc-prepend-file-include(27699)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699"
            },
            {
              "name": "20060526 Plume CMS Remote File Include",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/435130/100/0/threaded"
            },
            {
              "name": "ADV-2006-2014",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2014"
            },
            {
              "name": "1016165",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016165"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2645",
    "datePublished": "2006-05-30T10:00:00",
    "dateReserved": "2006-05-30T00:00:00",
    "dateUpdated": "2024-08-07T17:58:51.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0725 (GCVE-0-2006-0725)

Vulnerability from cvelistv5 – Published: 2006-02-16 11:00 – Updated: 2024-08-07 16:48
VLAI?
Summary
PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:48:55.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1015624",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015624"
          },
          {
            "name": "plumecms-prepend-file-include(24697)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697"
          },
          {
            "name": "plumecms-frontinc-prepend-file-include(27699)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699"
          },
          {
            "name": "18883",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18883"
          },
          {
            "name": "ADV-2006-0599",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0599"
          },
          {
            "name": "23204",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/23204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File"
          },
          {
            "name": "16662",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16662"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter.  NOTE: this is a different executable and affected version than CVE-2006-2645."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1015624",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015624"
        },
        {
          "name": "plumecms-prepend-file-include(24697)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697"
        },
        {
          "name": "plumecms-frontinc-prepend-file-include(27699)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699"
        },
        {
          "name": "18883",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18883"
        },
        {
          "name": "ADV-2006-0599",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0599"
        },
        {
          "name": "23204",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/23204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File"
        },
        {
          "name": "16662",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16662"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0725",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter.  NOTE: this is a different executable and affected version than CVE-2006-2645."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1015624",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015624"
            },
            {
              "name": "plumecms-prepend-file-include(24697)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24697"
            },
            {
              "name": "plumecms-frontinc-prepend-file-include(27699)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27699"
            },
            {
              "name": "18883",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18883"
            },
            {
              "name": "ADV-2006-0599",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0599"
            },
            {
              "name": "23204",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/23204"
            },
            {
              "name": "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File",
              "refsource": "CONFIRM",
              "url": "http://plume-cms.net/news/77-Security-Notice-Please-Update-Your-Prependphp-File"
            },
            {
              "name": "16662",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16662"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0725",
    "datePublished": "2006-02-16T11:00:00",
    "dateReserved": "2006-02-16T00:00:00",
    "dateUpdated": "2024-08-07T16:48:55.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}