CVE-2009-0422
published 2009-02-05

Priority: P3 · 44 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 6.20% (92.6th percentile)

Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.

Affected

70 ranges · showing 25

Vendor    Product    Version range    Fixed in
tincan    phplist    <= 2.10.8