FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phplist -- local file inclusion vulnerability

Affected packages
phplist < 2.10.9

Details

VuXML ID 40774927-f6b4-11dd-94d9-0030843d3802
Discovery 2009-01-15
Entry 2009-02-09

Secunia reports:

Input passed to the "_SERVER[ConfigFile]" parameter in admin/index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

[source]

References

CVE Name CVE-2009-0422
URL http://secunia.com/advisories/33533/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.