CVE-2006-4291

Name of the Vulnerable Software and Affected Versions PHlyMail Lite versions 3.4.4 and earlier

Description A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the PM [path][handler] parameter. This affects the handlers/email/mod.listmail.php file.

Recommendations For PHlyMail Lite versions 3.4.4 and earlier, update to a version later than 3.4.4 to resolve the issue. As a temporary workaround, consider restricting access to the handlers/email/mod.listmail.php file to minimize the risk of exploitation. Avoid using the PM [path][handler] parameter in the affected API endpoint until the issue is resolved.