CVE-2017-20031

Exploit

EPSS 0.23%
Veröffentlicht 10.06.2022 10:15:08
Zuletzt bearbeitet 21.11.2024 03:22:29
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phplist ≫ Phplist Version3.2.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.454

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
cna@vuldb.com	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://seclists.org/fulldisclosure/2017/Mar/45

Third Party Advisory

Exploit

Mailing List

https://vuldb.com/?id.98917

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-20031

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-20031

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-20031

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-20031