Unrated severityNVD Advisory· Published Jul 6, 2021· Updated Aug 4, 2024
CVE-2020-22249
CVE-2020-22249
Description
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution
Affected products
2- phplist/phplistdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- drive.google.com/openmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.