6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.0%
The PHPlist Integration module provides an integration between a Drupal website and phpList newsletter manager. The module provides two main features: user sync and sending a node as a newsletter.
The module introduces a SQL Injection vulnerability to the phpList database. The Drupal database is not affected.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “administer PHPlist”.
Drupal core is not affected. If you do not use the contributed PHPlist Integration Module module, there is nothing you need to do.
Install the latest version:
Also see the PHPlist Integration Module project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/phplist
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/klausi
www.drupal.org/user/2301194
www.drupal.org/user/745218
www.drupal.org/writing-secure-code