Middlebury College: >> Segue Cms >> 1.3.5 Security Vulnerabilities
Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
5.1
EPSS Score
0.016
Published
2006-11-04