CVE-2009-0422
EUVD-2009-042605.02.2009, 00:30
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tincan | phplist | 𝑥 ≤ 2.10.8 |
| tincan | phplist | 1.0 |
| tincan | phplist | 1.0.1 |
| tincan | phplist | 1.1.2b:b |
| tincan | phplist | 1.1.3b:b |
| tincan | phplist | 1.1.4b:b |
| tincan | phplist | 1.1.5 |
| tincan | phplist | 1.1.5b:b |
| tincan | phplist | 1.1.6 |
| tincan | phplist | 1.1.7 |
| tincan | phplist | 1.3.5 |
| tincan | phplist | 1.3.7 |
| tincan | phplist | 1.4.1 |
| tincan | phplist | 1.5.0 |
| tincan | phplist | 1.5.1 |
| tincan | phplist | 1.6.0 |
| tincan | phplist | 1.6.1 |
| tincan | phplist | 1.6.3 |
| tincan | phplist | 1.6.4 |
| tincan | phplist | 1.7.0 |
| tincan | phplist | 1.7.1 |
| tincan | phplist | 1.8.0 |
| tincan | phplist | 1.9.0 |
| tincan | phplist | 1.9.1 |
| tincan | phplist | 1.9.2 |
| tincan | phplist | 1.9.3 |
| tincan | phplist | 2.1.0 |
| tincan | phplist | 2.1.1 |
| tincan | phplist | 2.1.3 |
| tincan | phplist | 2.1.4 |
| tincan | phplist | 2.2.0 |
| tincan | phplist | 2.2.1 |
| tincan | phplist | 2.3.0 |
| tincan | phplist | 2.3.1 |
| tincan | phplist | 2.3.2 |
| tincan | phplist | 2.3.3 |
| tincan | phplist | 2.3.4 |
| tincan | phplist | 2.4.0 |
| tincan | phplist | 2.4.7 |
| tincan | phplist | 2.5.0 |
| tincan | phplist | 2.5.1 |
| tincan | phplist | 2.5.2 |
| tincan | phplist | 2.5.3 |
| tincan | phplist | 2.5.4 |
| tincan | phplist | 2.5.5 |
| tincan | phplist | 2.5.6 |
| tincan | phplist | 2.5.7 |
| tincan | phplist | 2.5.8 |
| tincan | phplist | 2.6 |
| tincan | phplist | 2.6.0 |
| tincan | phplist | 2.6.1 |
| tincan | phplist | 2.6.2 |
| tincan | phplist | 2.6.3 |
| tincan | phplist | 2.6.4 |
| tincan | phplist | 2.6.5 |
| tincan | phplist | 2.7.1 |
| tincan | phplist | 2.7.2 |
| tincan | phplist | 2.8.2 |
| tincan | phplist | 2.8.7 |
| tincan | phplist | 2.8.12 |
| tincan | phplist | 2.9.3 |
| tincan | phplist | 2.9.4 |
| tincan | phplist | 2.9.5 |
| tincan | phplist | 2.10.1 |
| tincan | phplist | 2.10.2 |
| tincan | phplist | 2.10.3 |
| tincan | phplist | 2.10.4 |
| tincan | phplist | 2.10.5 |
| tincan | phplist | 2.10.6 |
| tincan | phplist | 2.10.7 |
𝑥
= Vulnerable software versions
References