CVE-2005-3556
- EPSS 5.27%
- Veröffentlicht 16.11.2005 07:42:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, ...
- EPSS 1.08%
- Veröffentlicht 16.11.2005 07:42:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.
CVE-2005-2432
- EPSS 0.7%
- Veröffentlicht 03.08.2005 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.
- EPSS 1.36%
- Veröffentlicht 03.08.2005 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv....