3 matches found
CVE-2006-3692
PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lmpath parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lmpath variable is set to a constant...
CVE-2006-3692
PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lmpath parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lmpath variable is set to a constant...
CVE-2006-3692
The CVE-2006-3692 entry concerns ListMessenger 0.9.3. Affected component: enduser/listmessenger.php. Issue: PHP remote file inclusion via the lm_path parameter that can allow remote code execution. Root cause described in sources: the vulnerability arises from a parameter (lm_path) used in a way ...