Last Updated on Wednesday, 4 February 2009 01:25 Written by Arvand Sabetian Wednesday, 4 February 2009 01:22
PHPList is an open-source newsletter manager written in PHP. On January 29th, 2009, the developers posted a software update. “[The update] fixes a local file include vulnerability. This vulnerability allows attackers to display the contents of files on the server, which can aid them to gain unauthorised access”.
They also included a one-line workaround if you could not patch fast enough.
UPDATE: An exploit against this vulnerability was published and used in the wild on Jan 14th 2009, 2 weeks before the patch was issued.