CVE-2007-5920

index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information.

🔗 References (10)

• cve@mitrehttp://osvdb.org/42106
• cve@mitrehttp://picoflat.altervista.org/
• cve@mitrehttp://secunia.com/advisories/27504
• cve@mitrehttp://www.securityfocus.com/bid/26362
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/38310
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/42106
• af854a3a-2127-422b-91ae-364da2661108http://picoflat.altervista.org/
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27504
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26362
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/38310