
Test ID:1.3.6.1.4.1.25623.1.0.80077
Category:Web application abuses
Title:phpListPro returnpath Remote File Include Vulnerabilities
Summary:The remote web server is running phpListPro which is affected by remote file include vulnerabilities.
Description:
Summary:
The remote web server is running phpListPro which is affected by
remote file include vulnerabilities.

Vulnerability Insight:
The installed version of phpListPro fails to sanitize user input to
the 'returnpath' parameter of the 'config.php', 'editsite.php', 'addsite.php', and 'in.php' scripts
before using it to include PHP code from other files.

These flaws are only exploitable if PHP's 'register_globals' is enabled.

Vulnerability Impact:
An unauthenticated attacker may be able to read arbitrary local files,
or include a file from a remote host that contains commands which will then be executed on the affected host,
subject to the privileges of the web server process.

Solution:
Edit the affected files as discussed in the referenced vendor advisory.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-1749
BugTraq ID: 17448
http://www.securityfocus.com/bid/17448
Bugtraq: 20060411 phpListPro <= 2.0 - Remote File Include Vulnerability
http://www.securityfocus.com/archive/1/430614
Bugtraq: 20060508 PhpListPro 2.01 Remote File Include Vulnerability
http://www.securityfocus.com/archive/1/433562/100/0/threaded
http://www.osvdb.org/24540
http://secunia.com/advisories/19625
http://www.vupen.com/english/advisories/2006/1325
XForce ISS Database: phplistpro-config-file-include(25760)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25760
Copyright:Copyright (C) 2008 Josh Zlatin-Amishav

© 1998-2025 E-Soft Inc. All rights reserved.