VYPR

Phplistpro

by Smartisoft

CVEs (3)

  • CVE-2006-2323May 12, 2006
    risk 0.04cvss epss 0.10

    Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already…

  • CVE-2006-1749Apr 12, 2006
    risk 0.04cvss epss 0.08

    PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well.

  • CVE-2006-2523May 22, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie.