Vulnerability Database

CVE-2009-0422

Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.

  • Published: Feb 5, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-0422
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Software            From      Fixed in
tincan / phplist    2.4.0     2.4.0.x
tincan / phplist    2.5.6     2.5.6.x
tincan / phplist    2.10.6    2.10.6.x
tincan / phplist    2.10.3    2.10.3.x
tincan / phplist    1.6.1     1.6.1.x
tincan / phplist    2.8.2     2.8.2.x
tincan / phplist    1.9.0     1.9.0.x
tincan / phplist    2.5.5     2.5.5.x
tincan / phplist    1.6.0     1.6.0.x
tincan / phplist    1.9.3     1.9.3.x
tincan / phplist    1.6.3     1.6.3.x
tincan / phplist    2.6.3     2.6.3.x
tincan / phplist    2.1.0     2.1.0.x
tincan / phplist    2.9.4     2.9.4.x
tincan / phplist    2.3.1     2.3.1.x
tincan / phplist    2.6.5     2.6.5.x
tincan / phplist    2.9.3     2.9.3.x
tincan / phplist    1.6.4     1.6.4.x
tincan / phplist    2.6       2.6.x
tincan / phplist    2.1.4     2.1.4.x
tincan / phplist    2.5.7     2.5.7.x
tincan / phplist    2.6.0     2.6.0.x
tincan / phplist    1.5.1     1.5.1.x
tincan / phplist    1.9.2     1.9.2.x
tincan / phplist    2.8.12    2.8.12.x
tincan / phplist    2.6.2     2.6.2.x
tincan / phplist    2.5.4     2.5.4.x
tincan / phplist    1.1.5b    1.1.5b.x
tincan / phplist    2.10.5    2.10.5.x
tincan / phplist    1.4.1     1.4.1.x
tincan / phplist    2.1.1     2.1.1.x
tincan / phplist    2.4.7     2.4.7.x
tincan / phplist    1.1.6     1.1.6.x
tincan / phplist    1.8.0     1.8.0.x
tincan / phplist    1.7.0     1.7.0.x
tincan / phplist    1.7.1     1.7.1.x
tincan / phplist    2.1.3     2.1.3.x
tincan / phplist    1.1.4b    1.1.4b.x
tincan / phplist    1.1.5     1.1.5.x
tincan / phplist    2.10.2    2.10.2.x
tincan / phplist    2.5.2     2.5.2.x
tincan / phplist    2.9.5     2.9.5.x
tincan / phplist    2.5.0     2.5.0.x
tincan / phplist    1.3.5     1.3.5.x
tincan / phplist    2.3.2     2.3.2.x
tincan / phplist    2.5.8     2.5.8.x
tincan / phplist    2.2.0     2.2.0.x
tincan / phplist    2.3.0     2.3.0.x
tincan / phplist    1.0       1.0.x
tincan / phplist    1.5.0     1.5.0.x
tincan / phplist    1.1.2b    1.1.2b.x
tincan / phplist    1.9.1     1.9.1.x
tincan / phplist    2.5.1     2.5.1.x
tincan / phplist    2.6.4     2.6.4.x
tincan / phplist    2.3.4     2.3.4.x
tincan / phplist    1.0.1     1.0.1.x
tincan / phplist    1.1.7     1.1.7.x
tincan / phplist    2.10.4    2.10.4.x
tincan / phplist    2.8.7     2.8.7.x
tincan / phplist    2.10.1    2.10.1.x
tincan / phplist    1.1.3b    1.1.3b.x
tincan / phplist    2.3.3     2.3.3.x
tincan / phplist    2.6.1     2.6.1.x
tincan / phplist    1.3.7     1.3.7.x
tincan / phplist    2.2.1     2.2.1.x
tincan / phplist    2.5.3     2.5.3.x
tincan / phplist    2.7.1     2.7.1.x
tincan / phplist    -         2.10.8.x
tincan / phplist    2.10.7    2.10.7.x
tincan / phplist    2.7.2     2.7.2.x