VYPR
Unrated severityNVD Advisory· Published Jul 6, 2021· Updated Aug 4, 2024

CVE-2020-22249

CVE-2020-22249

Description

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution

Affected products

3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.