phpListPro Multiple Script returnpath Parameter Remote File Inclusions
High Nessus Plugin ID 21310
SynopsisThe remote web server contains a PHP application that is affected by remote file include vulnerabilities.
DescriptionThe remote host is running phpListPro, a website voting/ranking tool written in PHP.
The installed version of phpListPro fails to sanitize user input to the 'returnpath' parameter of the 'config.php', 'editsite.php', 'addsite.php', and 'in.php' scripts before using it to include PHP code from other files. An unauthenticated attacker may be able to read arbitrary local files or include a file from a remote host that contains commands which will be executed on the remote host subject to the privileges of the web server process.
These flaws are only exploitable if PHP's 'register_globals' is enabled.
SolutionEdit the affected files as discussed in the vendor advisory above.