CVE-2006-3483

Name of the Vulnerable Software and Affected Versions PHPMailList version 1.8.0

Description The issue allows remote attackers to obtain sensitive information, including email addresses of subscribers, configuration information, and the admin username and password, by making direct requests to specific files. This is due to insufficient access control for sensitive information stored under the web document root. The affected files include "list.dat" and "ml config.dat".

Recommendations For PHPMailList version 1.8.0, consider restricting access to the "list.dat" and "ml config.dat" files to prevent unauthorized access until a patch is available. As a temporary workaround, move these files outside of the web document root or apply appropriate access controls to prevent direct requests.