VYPR

Phplist

by Phplist

CVEs (52)

  • CVE-2021-3188 Jan 21, 2021
    risk 0.00 cvss epss 0.02

    phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.

  • CVE-2020-35708 Dec 25, 2020
    risk 0.00 cvss epss 0.01

    phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

  • CVE-2020-15072 Jul 8, 2020
    risk 0.00 cvss epss 0.01

    An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.

  • CVE-2020-15073 Jul 8, 2020
    risk 0.00 cvss epss 0.01

    An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.

  • CVE-2020-13827 Jun 4, 2020
    risk 0.00 cvss epss 0.01

    phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.

  • CVE-2020-12639 May 4, 2020
    risk 0.00 cvss epss 0.01

    phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.

  • CVE-2014-2916 May 5, 2014
    risk 0.00 cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/.

  • CVE-2006-5322 Oct 17, 2006
    risk 0.00 cvss epss 0.01

    Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2006-1746 Apr 12, 2006
    risk 0.00 cvss epss 0.02

    Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.

  • CVE-2005-3557 Nov 16, 2005
    risk 0.00 cvss epss 0.02

    Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.

  • CVE-2005-2433 Aug 3, 2005
    risk 0.00 cvss epss 0.03

    PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9)…

  • CVE-2004-2744 Dec 31, 2004
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release."

Page 3 of 3