Segue Cms Security Vulnerabilities and Issues — Segue Cms CVE List

Lucene search

Middlebury CollegeSegue Cms

5 matches found

CVE•added 2006/11/04 1:7 a.m.•47 views

CVE-2006-5722

Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. NOTE: the prov...

5.1CVSS7.3AI score0.1528EPSS

CVE•added 2006/10/25 10:7 a.m.•46 views

CVE-2006-5497

PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter.

7.5CVSS7.3AI score0.1528EPSS

CVE•added 2006/10/25 10:7 a.m.•35 views

CVE-2006-5498

Directory traversal vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.

7.5CVSS7.5AI score0.00459EPSS

CVE•added 2006/10/31 12:0 a.m.•32 views

CVE-2005-4814

Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.

7.5CVSS7.9AI score0.00612EPSS

CVE•added 2006/10/25 10:7 a.m.•27 views

CVE-2006-5490

Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.9AI score0.00785EPSS