Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5186


Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5186
Last Modified 22 Aug 2011 12:00:00
Published 03 Oct 2007 10:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497. NOTE: this issue was disputed, but the dispute was retracted after additional analysis.

Vulnerable Systems


  • Segue Cms 1.8.4


XF - segue-index-file-include(36903)

VUPEN - ADV-2007-3342

BID - 25889

MILW0RM - 4476

VIM - 20071001 Bogus: Segue CMS <= 1.8.4 index.php Remote File Inclusion Vulnerability


SECUNIA - 27025

Last Updated: 27 May 2016 10:46:06