FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phplist -- local file inclusion vulnerability

Affected packages
phplist < 2.10.9

Details

VuXML ID 40774927-f6b4-11dd-94d9-0030843d3802
Discovery 2009-01-15
Entry 2009-02-09

Secunia reports:

Input passed to the "_SERVER[ConfigFile]" parameter in admin/index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

References

CVE Name CVE-2009-0422
URL http://secunia.com/advisories/33533/