PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27699
https://exchange.xforce.ibmcloud.com/vulnerabilities/24697
http://www.vupen.com/english/advisories/2006/2014
http://www.securityfocus.com/archive/1/435130/100/0/threaded