- Home
- CVEs with nessus.description==The remote host is running phpListPro, a website voting/ranking tool written in PHP.
The installed version of phpListPro fails to sanitize user input to the 'returnpath' parameter of the 'config.php', 'editsite.php', 'addsite.php', and 'in.php' scripts before using it to include PHP code from other files. An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed on the remote host subject to the privileges of the web server process.
These flaws are only exploitable if PHP's 'register_globals' is enabled
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top