Back to CVE Browser

CVE-2007-5920

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.0920%

EPSS Percentile32.17th

PublishedNov 10, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Picoflat Cms

Picoflat Cms

<= 0.4.16

References & Advisories

🔗 http://osvdb.org/42106

🔗 http://picoflat.altervista.org/

🔗 http://secunia.com/advisories/27504

🔗 http://www.securityfocus.com/bid/26362

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/38310

🔗 http://osvdb.org/42106

🔗 http://picoflat.altervista.org/

🔗 http://secunia.com/advisories/27504

Related Vulnerabilities

CVE-2008-660410.0

Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary loca...

CVE-2007-53906.8

PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitra...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...