CVE-2009-0422

Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
tincanphplist
𝑥
≤ 2.10.8
tincanphplist
1.0
tincanphplist
1.0.1
tincanphplist
1.1.2b:b
tincanphplist
1.1.3b:b
tincanphplist
1.1.4b:b
tincanphplist
1.1.5
tincanphplist
1.1.5b:b
tincanphplist
1.1.6
tincanphplist
1.1.7
tincanphplist
1.3.5
tincanphplist
1.3.7
tincanphplist
1.4.1
tincanphplist
1.5.0
tincanphplist
1.5.1
tincanphplist
1.6.0
tincanphplist
1.6.1
tincanphplist
1.6.3
tincanphplist
1.6.4
tincanphplist
1.7.0
tincanphplist
1.7.1
tincanphplist
1.8.0
tincanphplist
1.9.0
tincanphplist
1.9.1
tincanphplist
1.9.2
tincanphplist
1.9.3
tincanphplist
2.1.0
tincanphplist
2.1.1
tincanphplist
2.1.3
tincanphplist
2.1.4
tincanphplist
2.2.0
tincanphplist
2.2.1
tincanphplist
2.3.0
tincanphplist
2.3.1
tincanphplist
2.3.2
tincanphplist
2.3.3
tincanphplist
2.3.4
tincanphplist
2.4.0
tincanphplist
2.4.7
tincanphplist
2.5.0
tincanphplist
2.5.1
tincanphplist
2.5.2
tincanphplist
2.5.3
tincanphplist
2.5.4
tincanphplist
2.5.5
tincanphplist
2.5.6
tincanphplist
2.5.7
tincanphplist
2.5.8
tincanphplist
2.6
tincanphplist
2.6.0
tincanphplist
2.6.1
tincanphplist
2.6.2
tincanphplist
2.6.3
tincanphplist
2.6.4
tincanphplist
2.6.5
tincanphplist
2.7.1
tincanphplist
2.7.2
tincanphplist
2.8.2
tincanphplist
2.8.7
tincanphplist
2.8.12
tincanphplist
2.9.3
tincanphplist
2.9.4
tincanphplist
2.9.5
tincanphplist
2.10.1
tincanphplist
2.10.2
tincanphplist
2.10.3
tincanphplist
2.10.4
tincanphplist
2.10.5
tincanphplist
2.10.6
tincanphplist
2.10.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/33533
http://www.bugreport.ir/index_60.htm
http://www.securityfocus.com/archive/1/500057/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/47945
https://www.exploit-db.com/exploits/7778
http://secunia.com/advisories/33533
http://www.bugreport.ir/index_60.htm
http://www.securityfocus.com/archive/1/500057/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/47945
https://www.exploit-db.com/exploits/7778