[VIM] Bogus: Segue CMS <= 1.8.4 index.php Remote File Inclusion Vulnerability
Steven M. Christey
coley at linus.mitre.org
Thu Oct 4 19:52:12 UTC 2007
On Mon, 1 Oct 2007, George A. Theall wrote:
> > So they need register_globals to be off for this vuln to work properly
> > << kind of scary.
>
> You're right again. In includes.inc.php, there's a call to
> import_request_variables() if register_globals is *not* set.
I expect this is going to happen a LOT more as people implement their own
register_globals emulations.
Nice catch y'all!
- Steve
More information about the VIM
mailing list