Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1749

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1749
Last Modified 23 Aug 2011 12:00:00
Published 12 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1749

Summary

PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well.

Vulnerable Systems

Application

  • Smartisoft Phplistpro 2.0

  • Smartisoft Phplistpro 2.01


References

XF - phplistpro-config-file-include(25760)

VUPEN - ADV-2006-1325

BID - 17448

BUGTRAQ - 20060508 PhpListPro 2.01 Remote File Include Vulnerability

BUGTRAQ - 20060411 phpListPro <= 2.0 - Remote File Include Vulnerability

OSVDB - 24540

SECUNIA - 19625


Last Updated: 27 May 2016 10:42:10