CVE-2006-3483

2006-07-1020:00:00

mitre

www.cve.org

6.5 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat.

References

lostmon.blogspot.com/2006/07/multiple-vulnerabilities-in.html

securitytracker.com/id?1016439

www.osvdb.org/27017

www.osvdb.org/27018