Page 3 of 22 results (0.002 seconds)

CVSS: 9.8EPSS: 1%CPEs: 70EXPL: 2

CVE-2009-0422 – phpList 2.10.8 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2009-0422

05 Feb 2009 — Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. Vulnerabilidad de evaluación de variable dinámica en lists/admin.php en phpList v2.10.8 y versiones anteriores, cuando register_globals no está activa, permite a atacantes remotos incluir y ejecutar ficheros locales de su ele... • https://www.exploit-db.com/exploits/7778 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 69EXPL: 0

CVE-2008-5887

https://notcve.org/view.php?id=CVE-2008-5887

12 Jan 2009 — phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." phplist anterior a v2.10.8 permite a atacantes remotos incluir ficheros a través de vectores desconocidos, relacionada a una "vulnerabilidad de inclusión de un fichero local." • http://secunia.com/advisories/33186 • CWE-20: Improper Input Validation •