Test ID:	1.3.6.1.4.1.25623.1.0.801444
Category:	Web application abuses
Title:	Pecio CMS <= 2.0.5 Multiple RFI Vulnerabilities
Summary:	Pecio CMS is prone to multiple remote file inclusion (RFI); vulnerabilities.
Description:	Summary: Pecio CMS is prone to multiple remote file inclusion (RFI) vulnerabilities. Vulnerability Insight: The flaw is due to an error in the 'post.php', 'article.php', 'blog.php' and 'home.php' files, which are not properly validating the input data supplied to the 'template' parameter. Vulnerability Impact: Successful exploitation will allow the remote attacker to obtain sensitive information or to execute malicious PHP code in the context of the webserver process. Affected Software/OS: Pecio CMS version 2.0.5 is known to be affected. Other versions might be affected as well. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3204 http://www.exploit-db.com/exploits/14815 http://eidelweiss-advisories.blogspot.com/2010/08/pecio-cms-v205-template-multiple-remote.html http://packetstormsecurity.org/1008-exploits/peciocms-rfi.txt XForce ISS Database: peciocms-multiple-file-include(61433) https://exchange.xforce.ibmcloud.com/vulnerabilities/61433
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.