Back to search
CVE-2006-3692
Published: Jul 18, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lm_path variable is set to a constant value. As of 20060726, CVE concurs with the vendor based on SecurityTracker's post-disclosure analysis
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20060716 ListMessenger v0.9.3 Remote File Inclusion Vulnerability
mailing-list
x_refsource_BUGTRAQ
1243
third-party-advisory
x_refsource_SREASON
19014
vdb-entry
x_refsource_BID
20060725 ListMessenger dispute CVE-2006-3692
mailing-list
x_refsource_VIM
28289
vdb-entry
x_refsource_OSVDB
1016530
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now