[VIM] Bogus: Segue CMS <= 1.8.4 index.php Remote File Inclusion Vulnerability

Steven M. Christey coley at linus.mitre.org
Thu Oct 4 19:52:12 UTC 2007


On Mon, 1 Oct 2007, George A. Theall wrote:

> > So they need register_globals to be off for this vuln to work properly
> > << kind of scary.
>
> You're right again.  In includes.inc.php, there's a call to
> import_request_variables() if register_globals is *not* set.

I expect this is going to happen a LOT more as people implement their own
register_globals emulations.

Nice catch y'all!

- Steve
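
Added example, not part of the original message and not Segue's code: a small Python scanner that flags register_globals emulations in PHP source, covering the unprefixed import_request_variables() call mentioned in the thread. The extract() and `$$` loop patterns, the function name `find_emulations` and the sample file are assumptions constructed for illustration.

```python
import re

_REQ = r"\$(?:_GET|_POST|_COOKIE|_REQUEST)"

# Each pattern is a way PHP code re-creates register_globals behaviour,
# letting request parameters become variables in the current scope.
PATTERNS = [
    # import_request_variables("gpc") or ("gpc", ""): no prefix given
    ("import_request_variables without prefix", re.compile(
        r"(?i:import_request_variables)\s*\(\s*(['\"])[a-zA-Z]+\1\s*"
        r"(?:,\s*(['\"])\2\s*)?\)")),
    # extract($_REQUEST ...) unless every key is prefixed
    ("extract() on request data", re.compile(
        r"(?i:extract)\s*\(\s*" + _REQ + r"\b(?![^)]*EXTR_PREFIX_ALL)")),
    # foreach ($_GET as $k => $v) { $$k = $v; }
    ("variable-variable copy loop", re.compile(
        r"(?i:foreach)\s*\(\s*" + _REQ + r"\s+(?i:as)\s+\$(\w+)\s*=>\s*\$\w+"
        r"\s*\)\s*\{?\s*\$\$\1\s*=")),
]

def find_emulations(source):
    """Return sorted (line_number, label) pairs for each match in PHP text."""
    hits = []
    for label, rx in PATTERNS:
        for m in rx.finditer(source):
            hits.append((source.count("\n", 0, m.start()) + 1, label))
    return sorted(hits)

# Constructed sample input (not taken from any real project).
SAMPLE = '''<?php
if (!ini_get("register_globals")) {
    import_request_variables("gpc");
}
import_request_variables("gp", "req_");
extract($_POST, EXTR_PREFIX_ALL, "in");
extract($_REQUEST);
foreach ($_GET as $k => $v) {
    $$k = $v;
}
'''

if __name__ == "__main__":
    for line_no, label in find_emulations(SAMPLE):
        print(f"line {line_no}: {label}")
```

Any hit deserves a manual check of which variables the surrounding code later trusts, for example in include or require paths.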

