PHPList Index.PHP Local File Include Vulnerability
BID:17429
Info
PHPList Index.PHP Local File Include Vulnerability
| Bugtraq ID: | 17429 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2006 12:00AM |
| Updated: | Oct 13 2006 04:09PM |
| Credit: | rgod is credited with the discovery of this vulnerability. |
| Vulnerable: |
PHPList Mailing List Manager 2.10.2 PHPList Mailing List Manager 2.10.1 PHPList Mailing List Manager 2.8.12 PHPList Mailing List Manager 2.6.4 PHPList Mailing List Manager 2.6.3 PHPList Mailing List Manager 2.6.2 PHPList Mailing List Manager 2.6.1 PHPList Mailing List Manager 2.6 |
| Not Vulnerable: |
PHPList Mailing List Manager 2.0.13 |
Discussion
PHPList Index.PHP Local File Include Vulnerability
PHPList is prone to a local file-include vulnerability. This may facilitate the unauthorized viewing of files and unauthorized execution of local scripts.
Attackers may exploit this issue to execute arbitrary code by manipulating log files.
PHPList is prone to a local file-include vulnerability. This may facilitate the unauthorized viewing of files and unauthorized execution of local scripts.
Attackers may exploit this issue to execute arbitrary code by manipulating log files.
Exploit / POC
PHPList Index.PHP Local File Include Vulnerability
This issue can be exploited through a web client.
The following exploit to execute arbitrary code is available:
This issue can be exploited through a web client.
The following exploit to execute arbitrary code is available:
Solution / Fix
PHPList Index.PHP Local File Include Vulnerability
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
References
PHPList Index.PHP Local File Include Vulnerability
References:
References: