Unrated severityNVD Advisory· Published Sep 6, 2012· Updated Apr 29, 2026
CVE-2012-2740
CVE-2012-2740
Description
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
Affected products
16cpe:2.3:a:phplist:phplist:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:phplist:phplist:*:*:*:*:*:*:*:*range: <=2.10.17
- cpe:2.3:a:phplist:phplist:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.11:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.12:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.13:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.14:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.15:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.16:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.phplist.comnvdPatchVendor Advisory
- www.exploit-db.com/exploits/18639nvdExploit
- www.securityfocus.com/bid/52657nvdExploit
- securitytracker.com/idnvd
- www.openwall.com/lists/oss-security/2012/06/16/1nvd
- www.openwall.com/lists/oss-security/2012/06/17/2nvd
- www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.phpnvd
- mantis.phplist.com/view.phpnvd
News mentions
0No linked articles in our index yet.