Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2006-1746
Last Modified 07 Mar 2011 09:33:48
Published 12 Apr 2006 06:02:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1746

Summary

Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.

Vulnerable Systems

Application

  • Tincan Phplist 2.10.1

  • Tincan Phplist 2.10.2

  • Tincan Phplist 2.6

  • Tincan Phplist 2.6.1

  • Tincan Phplist 2.6.2

  • Tincan Phplist 2.6.3

  • Tincan Phplist 2.6.4

  • Tincan Phplist 2.6.5

  • Tincan Phplist 2.7.1

  • Tincan Phplist 2.7.2

  • Tincan Phplist 2.8.12

  • Tincan Phplist 2.8.2

  • Tincan Phplist 2.8.7


References

BUGTRAQ - 20060411 Re: PHPList <= 2.10.2 remote commands execution

VUPEN - ADV-2006-1296

BID - 17429

BUGTRAQ - 20061012 new version of phplist fix XSS vulnerability

BUGTRAQ - 20060410 PHPList <= 2.10.2 remote commands execution

CONFIRM - http://tincan.co.uk/?lid=851

SECTRACK - 1015889

MISC - http://downloads.securityfocus.com/vulnerabilities/exploits/PHPList-lfi.php

XF - phplist-index-file-include(25701)


Last Updated: 27 May 2016 10:42:10