Smartisoft Phplistpro vulnerabilities
3 known vulnerabilities affecting smartisoft/phplistpro.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2006-1749P3HIGHCVSS 7.5PoC≤ 2.0v2.012006-04-12
CVE-2006-1749 [HIGH] CWE-94 CVE-2006-1749: PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote at
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well.
nvd
CVE-2006-2523P3HIGHCVSS 7.5PoC≤ 2.0.1v2.02006-05-22
CVE-2006-2523 [HIGH] CVE-2006-2523: PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_qu
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie.
nvd
CVE-2006-2323P3MEDIUMCVSS 5.1PoC≤ 2.01v2.02006-05-12
CVE-2006-2323 [MEDIUM] CVE-2006-2323: Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow r
Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749.
nvd