CVE-2006-1746 | SynScan

Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2006-1746

Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.

Published: Apr 13, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1746
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
tincan / phplist	2.8.2	2.8.2.x
tincan / phplist	2.6.3	2.6.3.x
tincan / phplist	2.6.5	2.6.5.x
tincan / phplist	2.6	2.6.x
tincan / phplist	2.8.12	2.8.12.x
tincan / phplist	2.6.2	2.6.2.x
tincan / phplist	2.6.4	2.6.4.x
tincan / phplist	2.8.7	2.8.7.x
tincan / phplist	2.10.1	2.10.1.x
tincan / phplist	2.6.1	2.6.1.x
tincan / phplist	-	2.10.2.x
tincan / phplist	2.7.1	2.7.1.x
tincan / phplist	2.7.2	2.7.2.x