← volver
CVE-2006-3692

CVE-2006-3692

EPSS 3.6%
PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lm_path variable is set to a constant value. As of 20060726, CVE concurs with the vendor based on SecurityTracker's post-disclosure analysis
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/28231no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://securityreason.com/securityalert/1243http://securitytracker.com/id?1016530http://www.attrition.org/pipermail/vim/2006-July/000946.htmlhttp://www.osvdb.org/28289http://www.securityfocus.com/archive/1/440291/100/0/threadedhttp://www.securityfocus.com/bid/19014