[VIM] Bogus: Segue CMS <= 1.8.4 index.php Remote File Inclusion Vulnerability

str0ke str0ke at milw0rm.com
Mon Oct 1 17:29:31 UTC 2007


Hey George,

Ya I thought the same thing, tested it on multiple sites ranging from
1.8.4 and below and worked like a charm.



George A. Theall wrote:
> It looks like Milw0rm 4476 is bogus -- $themedir is set in
> config.inc.php to 'themes', and it does not seem to be overwritten
> later. [config.inc.php is not included in the distribution file but
> it's created from config_sample.inc.php as part of the installation
> process.]
>
> Or did I mess this one up too?
>
> George


More information about the VIM mailing list