Intrusion Prevention

Phplist.Local.Include.Command.Execution

Description

It indicates a possible attack against a file-inclusion vulnerability in phpList.
The vulnerability is caused by an error when the vulnerable software handles include files. It allows a remote attacker to execute arbitrary code via sending a crafted web request.

Affected Products

phpList versions before 2.10.8

Impact

System Compromise

Recommended Actions

Update to phpList version 2.10.8.

CVE References

CVE-2008-5887