CVE-2005-3556
- EPSS 3.64%
- Veröffentlicht 16.11.2005 07:42:00
- Zuletzt bearbeitet 16.06.2026 22:17:11
Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, ...
- EPSS 2.2%
- Veröffentlicht 16.11.2005 07:42:00
- Zuletzt bearbeitet 16.06.2026 22:17:11
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.
CVE-2005-2432
- EPSS 1.31%
- Veröffentlicht 03.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:52
SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.
- EPSS 3.36%
- Veröffentlicht 03.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:52
PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv....