cpe:/a:flux_cms:flux_cms:1.2 cpe:/a:flux_cms:flux_cms:1.3 cpe:/a:flux_cms:flux_cms:1.4 cpe:/a:flux_cms:flux_cms:1.31 cpe:/a:flux_cms:flux_cms:1.50 CVE-2008-2686 2008-06-13T14:41:00.000-04:00 2017-09-28T21:31:16.537-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-06-16T10:13:00.000-04:00 BID 29618 EXPLOIT-DB 5767 XF fluxcms-loadsave-file-overwrite(42961) webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename.