Lucene search

[email protected]CVE-2006-3483

HistoryJul 10, 2006 - 8:05 p.m.

CVE-2006-3483

2006-07-1020:05:00

[email protected]

web.nvd.nist.gov

cve-2006-3483

phpmaillist

sensitive information

access control

remote attackers

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat.

Affected configurations

NVD

Node

phpmaillistphpmaillistRange≤1.8

CPENameOperatorVersion
phpmaillist:phpmaillistphpmaillistle1.8

CPE	Name	Operator	Version
phpmaillist:phpmaillist	phpmaillist	le	1.8

References

lostmon.blogspot.com/2006/07/multiple-vulnerabilities-in.html

securitytracker.com/id?1016439

www.osvdb.org/27017

www.osvdb.org/27018

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2006-3483

nvd1 cvelist1