CVE-2009-0422

Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.
Code Injection
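| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| mitre | CNA | --- | --- | | | |
| CVE | ADP | --- | --- | | | |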
EPSS Score Percentile: 82%
| Vendor | Product | Version |
|---|---|---|
| tincan | phplist | 𝑥 ≤ 2.10.8 |
| tincan | phplist | 1.0 |
| tincan | phplist | 1.0.1 |
| tincan | phplist | 1.1.2b:b |
| tincan | phplist | 1.1.3b:b |
| tincan | phplist | 1.1.4b:b |
| tincan | phplist | 1.1.5 |
| tincan | phplist | 1.1.5b:b |
| tincan | phplist | 1.1.6 |
| tincan | phplist | 1.1.7 |
| tincan | phplist | 1.3.5 |
| tincan | phplist | 1.3.7 |
| tincan | phplist | 1.4.1 |
| tincan | phplist | 1.5.0 |
| tincan | phplist | 1.5.1 |
| tincan | phplist | 1.6.0 |
| tincan | phplist | 1.6.1 |
| tincan | phplist | 1.6.3 |
| tincan | phplist | 1.6.4 |
| tincan | phplist | 1.7.0 |
| tincan | phplist | 1.7.1 |
| tincan | phplist | 1.8.0 |
| tincan | phplist | 1.9.0 |
| tincan | phplist | 1.9.1 |
| tincan | phplist | 1.9.2 |
| tincan | phplist | 1.9.3 |
| tincan | phplist | 2.1.0 |
| tincan | phplist | 2.1.1 |
| tincan | phplist | 2.1.3 |
| tincan | phplist | 2.1.4 |
| tincan | phplist | 2.2.0 |
| tincan | phplist | 2.2.1 |
| tincan | phplist | 2.3.0 |
| tincan | phplist | 2.3.1 |
| tincan | phplist | 2.3.2 |
| tincan | phplist | 2.3.3 |
| tincan | phplist | 2.3.4 |
| tincan | phplist | 2.4.0 |
| tincan | phplist | 2.4.7 |
| tincan | phplist | 2.5.0 |
| tincan | phplist | 2.5.1 |
| tincan | phplist | 2.5.2 |
| tincan | phplist | 2.5.3 |
| tincan | phplist | 2.5.4 |
| tincan | phplist | 2.5.5 |
| tincan | phplist | 2.5.6 |
| tincan | phplist | 2.5.7 |
| tincan | phplist | 2.5.8 |
| tincan | phplist | 2.6 |
| tincan | phplist | 2.6.0 |
| tincan | phplist | 2.6.1 |
| tincan | phplist | 2.6.2 |
| tincan | phplist | 2.6.3 |
| tincan | phplist | 2.6.4 |
| tincan | phplist | 2.6.5 |
| tincan | phplist | 2.7.1 |
| tincan | phplist | 2.7.2 |
| tincan | phplist | 2.8.2 |
| tincan | phplist | 2.8.7 |
| tincan | phplist | 2.8.12 |
| tincan | phplist | 2.9.3 |
| tincan | phplist | 2.9.4 |
| tincan | phplist | 2.9.5 |
| tincan | phplist | 2.10.1 |
| tincan | phplist | 2.10.2 |
| tincan | phplist | 2.10.3 |
| tincan | phplist | 2.10.4 |
| tincan | phplist | 2.10.5 |
| tincan | phplist | 2.10.6 |
| tincan | phplist | 2.10.7 |

𝑥 = Vulnerable software versions