cbcvebase.
CVE-2006-1746
published 2006-04-12

CVE-2006-1746: Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module]…

PriorityP426medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
2.38%
81.8th percentile
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.

Affected

13 ranges
VendorProductVersion rangeFixed in
tincanphplist<= 2.10.2
tincanphplist
tincanphplist
tincanphplist
tincanphplist
tincanphplist
tincanphplist
tincanphplist
tincanphplist
tincanphplist
tincanphplist
tincanphplist
tincanphplist
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.