Unrated severityNVD Advisory· Published May 9, 2007· Updated Jun 16, 2026
CVE-2007-2545
CVE-2007-2545
Description
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:persism_cms:persism_cms:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:persism_cms:persism_cms:*:*:*:*:*:*:*:*range: <=0.9.2
- (no CPE)range: <=0.9.2
Patches
Vulnerability mechanics
References
14- www.securityfocus.com/bid/23828nvdExploit
- osvdb.org/37767nvd
- osvdb.org/37768nvd
- osvdb.org/37769nvd
- osvdb.org/37770nvd
- osvdb.org/37771nvd
- osvdb.org/37772nvd
- osvdb.org/37773nvd
- osvdb.org/37774nvd
- osvdb.org/37775nvd
- osvdb.org/37776nvd
- www.vupen.com/english/advisories/2007/1671nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/34102nvd
- www.exploit-db.com/exploits/3853nvd
News mentions
0No linked articles in our index yet.