PHPList 输入验证漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1184135 漏洞类型 输入验证
发布时间 2009-01-12 更新时间 2009-03-18
CVE编号 CVE-2008-5887 CNNVD-ID CNNVD-200901-107
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://cxsecurity.com/issue/WLB-2008120033
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-107
|漏洞详情
PHPlist是一个开源newsletter管理器,易于与任何网站相集成。phplist2.10.8之前的版本允许远程攻击者借助与"本地文件包含漏洞"相关的未知向量,来包含文件。
|漏洞EXP
phpList is a feature rich newsletter application written in PHP.

phpList has a local file include vulnerability. The vulnerability has
already been exploited.

affected versions: any version up to including 2.10.7

fixed in version 2.10.8

Related links:
www.phplist.com phpList homepage
http://sourceforge.net/projects/phplist Sourceforge Project page.
|参考资料

来源:XF
名称:phplist-unspecified-file-include(47395)
链接:http://xforce.iss.net/xforce/xfdb/47395
来源:BID
名称:32841
链接:http://www.securityfocus.com/bid/32841
来源:BUGTRAQ
名称:20081215phpListvulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/499218/100/0/threaded
来源:www.phplist.com
链接:http://www.phplist.com/?lid=273
来源:SREASON
名称:4901
链接:http://securityreason.com/securityalert/4901
来源:SECUNIA
名称:33186
链接:http://secunia.com/advisories/33186