6.9 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.4%
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.
downloads.securityfocus.com/vulnerabilities/exploits/PHPList-lfi.php
securitytracker.com/id?1015889
tincan.co.uk/?lid=851
www.securityfocus.com/archive/1/430475/30/30/threaded
www.securityfocus.com/archive/1/430597
www.securityfocus.com/archive/1/448411
www.securityfocus.com/bid/17429
www.vupen.com/english/advisories/2006/1296
exchange.xforce.ibmcloud.com/vulnerabilities/25701