PT-2006-4558 · Enduser · Listmessenger

Xoron · Published 2006-07-18 · Updated 2024-08-07 · CVE-2006-3692

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ListMessenger version 0.9.3

Description

A remote file inclusion issue in enduser/listmessenger.php allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. However, the vendor has disputed this issue, stating that the $lm_path variable is set to a constant value. As of 20060726, post-disclosure analysis concurs with the vendor's claim.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2006-3692

Affected Products

Listmessenger