Vulnerabilities > CVE-2006-4429 - Unspecified vulnerability in Phlymail Lite 3.44

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

phlymail

NVD

Published: 2006-08-29

Updated: 2024-04-11

Summary

PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly

Vulnerable Configurations

Part	Description	Count
Application	Phlymail Phlymail Phlymail Lite 3.44	1

References

http://www.securityfocus.com/archive/1/444215/100/0/threaded
http://www.osvdb.org/29355
http://marc.info/?l=bugtraq&m=115629049105999&w=2