CVE-2009-0422

Published: 05/02/2009 Updated: 11/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.

Vulnerable Product

tincan phplist 2.7.2

tincan phplist 2.8.2

tincan phplist 2.10.6

tincan phplist 2.10.7

tincan phplist 2.6.0

tincan phplist 2.5.8

tincan phplist 2.5.0

tincan phplist 2.4.0

tincan phplist 2.2.1

tincan phplist 2.2.0

tincan phplist 1.9.1

tincan phplist 1.9.0

tincan phplist 2.8.12

tincan phplist 2.10.1

tincan phplist 2.8.7

tincan phplist 2.6.4

tincan phplist 2.5.7

tincan phplist 2.5.6

tincan phplist 2.3.4

tincan phplist 2.4.7

tincan phplist 2.1.4

tincan phplist 2.1.3

tincan phplist 1.8.0

tincan phplist 1.7.1

tincan phplist 1.7.0

tincan phplist 1.4.1

tincan phplist 1.3.7

tincan phplist 1.1.3b

tincan phplist 1.1.2b

tincan phplist 2.9.3

tincan phplist 2.6.5

tincan phplist 2.7.1

tincan phplist 2.10.4

tincan phplist 2.10.5

tincan phplist 2.6

tincan phplist 2.6.3

tincan phplist 2.5.2

tincan phplist 2.5.1

tincan phplist 2.3.1

tincan phplist 2.3.0

tincan phplist 1.9.3

tincan phplist 1.9.2

tincan phplist 1.6.1

tincan phplist 1.6.0

tincan phplist 1.1.6

tincan phplist 1.1.5

tincan phplist

tincan phplist 1.5.1

tincan phplist 1.5.0

tincan phplist 1.1.5b

tincan phplist 1.1.4b

tincan phplist 2.9.5

tincan phplist 2.9.4

tincan phplist 2.10.2

tincan phplist 2.10.3

tincan phplist 2.6.2

tincan phplist 2.6.1

tincan phplist 2.5.5

tincan phplist 2.5.4

tincan phplist 2.5.3

tincan phplist 2.3.3

tincan phplist 2.3.2

tincan phplist 2.1.1

tincan phplist 2.1.0

tincan phplist 1.6.4

tincan phplist 1.6.3

tincan phplist 1.3.5

tincan phplist 1.1.7

tincan phplist 1.0.1

tincan phplist 1.0

Exploits

########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: phpList Local File inclusion
# Vendor: www.phplist.com
# Bug: Local File Inclusion
# Vulnerable Version: 2.10.8 (prior versions also may be affected)
# Exploitation: Remote with browser
# Fix: N/A
# Original Advisory: ht ...