EUVD-2012-2720

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

SQL injection vulnerability in phpList before 2.10.18 allows remote command execution via sortby parameter

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2012-2740	21 Mar 201200:00	–	circl
CVE	CVE-2012-2740	6 Sep 201217:00	–	cve
Cvelist	CVE-2012-2740	6 Sep 201217:00	–	cvelist
Tenable Nessus	FreeBSD : phpList -- SQL injection and XSS vulnerability (fd8bac56-c444-11e1-864b-001cc0877741)	3 Jul 201200:00	–	nessus
NVD	CVE-2012-2740	6 Sep 201217:55	–	nvd
OpenVAS	FreeBSD Ports: phplist	10 Aug 201200:00	–	openvas
OpenVAS	FreeBSD Ports: phplist	10 Aug 201200:00	–	openvas
Prion	Sql injection	6 Sep 201217:55	–	prion
RedhatCVE	CVE-2012-2740	22 May 202512:10	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "4eca8497-b851-3439-8d4e-2053656d9128",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "84180377-5a2a-3ca0-bbe5-dbacb90571bc",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
securitytracker	www.securitytracker.com/id
securityfocus	www.securityfocus.com/bid/52657
openwall	www.openwall.com/lists/oss-security/2012/06/16/1
mantis	www.mantis.phplist.com/view.php
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php
exploit-db	www.exploit-db.com/exploits/18639
phplist	www.phplist.com/
openwall	www.openwall.com/lists/oss-security/2012/06/17/2
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.2Medium risk

Vulners AI Score6.2

CVSS 27.5

EPSS0.05047

sql injection vulnerability phplist remote command execution