CVE-2005-4814

Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.

Published: Dec 31, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-4814
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
middlebury_college / segue_cms	-	1.3.5.x

http://sourceforge.net/project/shownotes.php?release_id=456920&group_id=82171
http://www.osvdb.org/29902

Vulnerability Database

CVE-2005-4814