CVE-2006-1746

Name of the Vulnerable Software and Affected Versions: PHPList versions 2.10.2 and earlier

Description: A directory traversal issue allows remote attackers to include arbitrary local files by overwriting the underlying $GLOBALS variable via the GLOBALS[database module] or GLOBALS[language module] parameters.

Recommendations: For PHPList versions 2.10.2 and earlier, consider restricting access to the GLOBALS[database module] and GLOBALS[language module] parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.