CVE-2007-5920 Information

Description

index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/42106 http://picoflat.altervista.org/ http://secunia.com/advisories/27504 http://www.securityfocus.com/bid/26362 https://exchange.xforce.ibmcloud.com/vulnerabilities/38310