CVE-2007-5390
published 2007-10-12CVE-2007-5390: PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the…
PriorityP342medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
4.37%
90.1th percentile
PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| picoflat | picoflat_cms | — | — |
| picoflat_cms | picoflat_cms | <= 0.4.14 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-frmg-9wwf-87m4: Directory traversal vulnerability in index
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2008-6604 [MEDIUM] CWE-22 GHSA-frmg-9wwf-87m4: Directory traversal vulnerability in index
Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390.
GHSA
GHSA-52cc-2mvx-g968: PHP remote file inclusion vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2007-5390 [MEDIUM] CWE-94 GHSA-52cc-2mvx-g968: PHP remote file inclusion vulnerability in index
PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.
No detection rules found.
No writeups or analysis indexed.
2007-10-12
Published