CVE

CVE-2005-3557

Date: (C)2005-11-16   (M)2023-12-22

Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

BID-15350

SECUNIA-17476

http://www.securityfocus.com/archive/1/416005/30/0/threaded

OSVDB-20569

ADV-2005-2345

http://www.trapkit.de/advisories/TKADV2005-11-001.txt