Phplist

40 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 3.29%
  • Published 03.02.2020 16:15:12
  • Last modified 21.11.2024 05:39:00

phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

Exploit
  • EPSS 0.18%
  • Published 05.05.2014 16:07:06
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/.

Exploit
  • EPSS 11.32%
  • Published 06.09.2012 17:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.

Exploit
  • EPSS 6.07%
  • Published 06.09.2012 17:55:01
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.

  • EPSS 4.78%
  • Published 12.08.2012 00:55:01
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_passw...

Exploit
  • EPSS 5.67%
  • Published 12.08.2012 00:55:01
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget paramete...

Exploit
  • EPSS 0.61%
  • Published 12.08.2012 00:55:00
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

Exploit
  • EPSS 6.61%
  • Published 12.08.2012 00:55:00
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.

Exploit
  • EPSS 9.47%
  • Published 19.02.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with P...

Exploit
  • EPSS 7.04%
  • Published 26.10.2006 16:07:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321.