3 matches found
CVE-2006-1749
CVE-2006-1749 affects phpListPro 2.0 and earlier. The issue is a PHP remote file inclusion vulnerability where input from the returnpath parameter (in config.php and related scripts) can be used to include arbitrary PHP code, enabling code execution on the server. Exploitation is described as pos...
CVE-2006-2323
The connected entries clearly describe a Remote File Inclusion (RFI) vulnerability in phpListPro (SmartISoft phpListPro) affecting 2.0 and earlier, exploitable via the returnpath parameter in config.php, editsite.php, addsite.php, and in.php. The underlying issue is failure to sanitize user input...
CVE-2006-2523
The CVE-2006-2523 entry details a PHP remote file inclusion in phpListPro 2.0.1 and earlier, caused by improper handling of the Language cookie when magic_quotes_gpc is disabled. This allows an attacker to execute arbitrary PHP code by providing a malicious URL in the Language cookie. The affecte...