Security Advisory

CVE-2009-0422

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-02-05 00:00:00

Last updated 2024-08-07 04:31:26

Assigner mitre

State PUBLISHED

Description

Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.

← Browse all CVEs View on cve.org ↗