Unrated severityNVD Advisory· Published Apr 12, 2006· Updated Apr 16, 2026
CVE-2006-1746
CVE-2006-1746
Description
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.
Affected products
13cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*range: <=2.10.2
- cpe:2.3:a:tincan:phplist:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.8.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.securityfocus.com/archive/1/430597nvdPatch
- downloads.securityfocus.com/vulnerabilities/exploits/PHPList-lfi.phpnvdExploit
- www.securityfocus.com/archive/1/430475/30/30/threadednvdExploit
- www.securityfocus.com/bid/17429nvdExploit
- securitytracker.com/idnvd
- tincan.co.uknvd
- www.securityfocus.com/archive/1/448411nvd
- www.vupen.com/english/advisories/2006/1296nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/25701nvd
News mentions
0No linked articles in our index yet.