CVE-2006-1749 Information

Description

PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well.

Reference

http://secunia.com/advisories/19625 http://www.osvdb.org/24540 http://www.securityfocus.com/archive/1/430614 http://www.securityfocus.com/archive/1/433562/100/0/threaded http://www.securityfocus.com/bid/17448 http://www.vupen.com/english/advisories/2006/1325 https://exchange.xforce.ibmcloud.com/vulnerabilities/25760