Unrated severityNVD Advisory· Published Feb 20, 2023· Updated Nov 25, 2024

arnoldle submitByMailPlugin edit_list.php cross-site request forgery

CVE-2015-10081

Description

A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The patch is named a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site request forgery in submitByMailPlugin 1.0b2.9 allows remote attackers to perform unauthorized actions via edit_list.php.

Vulnerability

The submitByMailPlugin for phplist version 1.0b2.9 is vulnerable to cross-site request forgery (CSRF) in the file edit_list.php. The manipulation leads to CSRF. [1]

Exploitation

An attacker can initiate the attack remotely. The exact exploitation steps are not disclosed in the available references, but typical CSRF requires an authenticated user to be tricked into executing a malicious request.

Impact

Successful exploitation could allow an attacker to perform unauthorized actions on behalf of an authenticated user, potentially leading to data modification or other operations within the plugin's context.

Mitigation

Upgrade to version 1.0b2.9a, which includes the fix. The patch is identified by commit a739f680a1623d22f52ff1371e86ca472e63756f. [1] No workarounds are mentioned.

References

Added csrf prevention to edit_list.php · arnoldle/phplist-plugin-submitByMailPlugin@a739f68

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

arnoldle/submitByMailPluginllm-create
Range: <=1.0b2.9
arnoldle/submitByMailPluginv5
Range: 1.0b2.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/arnoldle/phplist-plugin-submitByMailPlugin/commit/a739f680a1623d22f52ff1371e86ca472e63756fmitrepatch
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000