Bug: phpList vulnerability ( Ascii Version )

Search:
WLB2

phpList vulnerability

Published
Credit
Risk
2008.12.16
phplist
Medium
CWE
CVE
Local
Remote
CWE-20
CVE-2008-5887
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

phpList is a feature rich newsletter application written in PHP.

phpList has a local file include vulnerability. The vulnerability has
already been exploited.

affected versions: any version up to including 2.10.7

fixed in version 2.10.8

Related links:
www.phplist.com phpList homepage
http://sourceforge.net/projects/phplist Sourceforge Project page.

References:

http://www.securityfocus.com/bid/32841
http://www.securityfocus.com/archive/1/archive/1/499218/100/0/threaded
http://www.phplist.com/?lid=273
http://secunia.com/advisories/33186

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version