PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and previous versions, when register_globals is disabled, allows remote malicious users to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497. NOTE: this issue was disputed, but the dispute was retracted after additional analysis.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
segue cms segue cms |