Vulnerabilities > CVE-2005-3557 - Input Validation vulnerability in PHPList

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tincan

NVD

Published: 2005-11-16

Updated: 2018-10-19

Summary

Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.

Vulnerable Configurations

Part	Description	Count
Application	Tincan Tincan Phplist 1.0 Tincan Phplist 1.0.1 Tincan Phplist 1.1.2B Tincan Phplist 1.1.3B Tincan Phplist 1.1.4B Tincan Phplist 1.1.5 Tincan Phplist 1.1.5B Tincan Phplist 1.1.6 Tincan Phplist 1.1.7 Tincan Phplist 1.3.5 Tincan Phplist 1.3.7 Tincan Phplist 1.4.1 Tincan Phplist 1.5.0 Tincan Phplist 1.5.1 Tincan Phplist 1.6.0 Tincan Phplist 1.6.1 Tincan Phplist 1.6.3 Tincan Phplist 1.6.4 Tincan Phplist 1.7.0 Tincan Phplist 1.7.1 Tincan Phplist 1.8.0 Tincan Phplist 1.9.0 Tincan Phplist 1.9.1 Tincan Phplist 1.9.2 Tincan Phplist 1.9.3 Tincan Phplist 2.1.0 Tincan Phplist 2.1.1 Tincan Phplist 2.1.3 Tincan Phplist 2.1.4 Tincan Phplist 2.2.0 Tincan Phplist 2.2.1 Tincan Phplist 2.3.0 Tincan Phplist 2.3.1 Tincan Phplist 2.3.2 Tincan Phplist 2.3.3 Tincan Phplist 2.3.4 Tincan Phplist 2.4.0 Tincan Phplist 2.4.7 Tincan Phplist 2.5.0 Tincan Phplist 2.5.1 Tincan Phplist 2.5.2 Tincan Phplist 2.5.3 Tincan Phplist 2.5.4 Tincan Phplist 2.5.5 Tincan Phplist 2.5.6 Tincan Phplist 2.5.7 Tincan Phplist 2.5.8 Tincan Phplist 2.6 Tincan Phplist 2.6.0 Tincan Phplist 2.6.1 Tincan Phplist 2.6.2 Tincan Phplist 2.6.3 Tincan Phplist 2.6.4 Tincan Phplist 2.6.5 Tincan Phplist 2.7.1 Tincan Phplist 2.7.2 Tincan Phplist 2.8.2 Tincan Phplist 2.8.7 Tincan Phplist 2.8.12 Tincan Phplist 2.9.3 Tincan Phplist 2.9.4 Tincan Phplist 2.9.5 Tincan Phplist 2.10.1	63

Summary

Vulnerable Configurations

References