漏洞信息详情

漏洞简介

PHPlist是一个开源newsletter管理器,易于与任何网站相集成。

PHPlist 2.10.1及更早版本的admin/defaults.php中的目录遍历漏洞,可让远程攻击者通过HTTP POST请求中所选\\%5B\\%5D参数中的..(参数中包含\'\'..\'\')访问任意文件。

漏洞公告

供应商已在PHPList 2.10.2和更新版本中解决了这些问题:

PHPList Mailing List Manager 2.10.1

PHPList phplist-2.10.2.tgz

http://prdownloads.sourceforge.net/phplist/phplist-2.10.2.tgz?download

Mailing List Manager 2.6

PHPList phplist-2.10.2.tgz

http://prdownloads.sourceforge.net/phplist/phplist-2.10.2.tgz?download

PHPList Mailing List Manager 2.6.1

PHPList phplist-2.10.2.tgz

http://prdownloads.sourceforge.net/phplist/phplist-2.10.2.tgz?download

PHPList Mailing List Manager 2.6.2

PHPList phplist-2.10.2.tgz

http://prdownloads.sourceforge.net/phplist/phplist-2.10.2.tgz?download

PHPList Mailing List Manager 2.6.3

PHPList phplist-2.10.2.tgz

http://prdownloads.sourceforge.net/phplist/phplist-2.10.2.tgz?download

PHPList Mailing List Manager 2.6.4

PHPList phplist-2.10.2.tgz

http://prdownloads.sourceforge.net/phplist/phplist-2.10.2.tgz?download

PHPList Mailing List Manager 2.8.12

PHPList phplist-2.10.2.tgz

http://prdownloads.sourceforge.net/phplist/phplist-2.10.2.tgz?download

参考网址

来源: MISC

链接:http://www.trapkit.de/advisories/TKADV2005-11-001.txt

来源: BUGTRAQ

名称: 20051107 [TKADV2005-11-001] Multiple vulnerabilities in PHPlist

链接:http://www.securityfocus.com/archive/1/archive/1/416005/30/0/threaded

来源: VUPEN

名称: ADV-2005-2345

链接:http://www.frsirt.com/english/advisories/2005/2345

来源: SECUNIA

名称: 17476

链接:http://secunia.com/advisories/17476

来源: BID

名称: 15350

链接:http://www.securityfocus.com/bid/15350

来源: OSVDB

名称: 20569

链接:http://osvdb.org/20569

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多