CVE-2006-2323
published 2006-05-12CVE-2006-2323: Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in…
PriorityP337medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
9.85%
95.0th percentile
Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| smartisoft | phplistpro | <= 2.01 | — |
| smartisoft | phplistpro | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://securityreason.com/securityalert/156http://securityreason.com/securityalert/688http://securityreason.com/securityalert/882http://securitytracker.com/id?1016060http://www.osvdb.org/25904http://www.osvdb.org/25905http://www.osvdb.org/25906http://www.securityfocus.com/archive/1/433285/100/0/threadedhttp://www.securityfocus.com/archive/1/433562/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/26359http://securityreason.com/securityalert/156http://securityreason.com/securityalert/688http://securityreason.com/securityalert/882http://securitytracker.com/id?1016060http://www.osvdb.org/25904http://www.osvdb.org/25905http://www.osvdb.org/25906http://www.securityfocus.com/archive/1/433285/100/0/threadedhttp://www.securityfocus.com/archive/1/433562/100/0/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/26359
2006-05-12
Published