Phlymail » Phlymail Lite : Security Vulnerabilities, CVEs, CVSS score >= 1
PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly
Max CVSS
7.5
EPSS Score
0.83%
Published
2006-08-29
Updated
2024-04-11
PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter.
Max CVSS
5.1
EPSS Score
9.48%
Published
2006-08-22
Updated
2017-10-19
2 vulnerabilities found