Description
PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lm_path variable is set to a constant value. As of 20060726, CVE concurs with the vendor based on SecurityTracker's post-disclosure analysis
Exploits (1)
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/440291/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1243
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19014
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-July/000946.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/28289
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016530
Scores
EPSS
0.0666
EPSS Percentile
91.3%
Details
Status
published
Products (1)
silentweb/listmessenger
0.9.3
Published
Jul 21, 2006
Tracked Since
Feb 18, 2026