Vulnerability CVE-2006-3483
Published: 2006-07-10   Modified: 2012-02-12

Description:
PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Phpmaillist -> Phpmaillist 

 References:
http://www.osvdb.org/27018
http://securitytracker.com/id?1016439
http://lostmon.blogspot.com/2006/07/multiple-vulnerabilities-in.html
http://www.osvdb.org/27017
Copyright 2024, cxsecurity.com

 

Back to Top