Lucene search

[email protected]CVE-2006-5498

HistoryOct 25, 2006 - 10:07 a.m.

CVE-2006-5498

2006-10-2510:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006

5498

directory traversal

segue cms

vulnerability

remote execution

themes

security advisory

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.9%

JSON

Directory traversal vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the theme parameter.

CPENameOperatorVersion
middlebury_college:segue_cmsmiddlebury college segue cmsle1.5.8

CPE	Name	Operator	Version
middlebury_college:segue_cms	middlebury college segue cms	le	1.5.8

References

sourceforge.net/forum/forum.php?forum_id=625467

www.vupen.com/english/advisories/2006/4122

exchange.xforce.ibmcloud.com/vulnerabilities/29692

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.9%

JSON