Cross site request forgery (csrf)

2011-04-1314:55:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.

CPENameOperatorVersion
phplisteq2.4.0
phplisteq2.5.6
phplisteq2.10.6
phplisteq2.10.3
phplisteq1.6.1
phplisteq2.8.2
phplisteq1.9.0
phplisteq2.5.5
phplisteq1.6.0
phplisteq2.10.10

Name	Operator	Version
phplist	eq	2.4.0
phplist	eq	2.5.6
phplist	eq	2.10.6
phplist	eq	2.10.3
phplist	eq	1.6.1
phplist	eq	2.8.2
phplist	eq	1.9.0
phplist	eq	2.5.5
phplist	eq	1.6.0
phplist	eq	2.10.10

Rows per page:

1-10 of 741

References

int21.de/cve/CVE-2011-0748-phplist.html

osvdb.org/78549

secunia.com/advisories/44041

securityreason.com/securityalert/8199

www.phplist.com/?lid=516

www.securityfocus.com/archive/1/517400/100/0/threaded

www.securityfocus.com/bid/51681

exchange.xforce.ibmcloud.com/vulnerabilities/72746

www.exploit-db.com/exploits/18419