PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the PM[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed.....
7.5AI Score
0.095EPSS
PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the PM[path][handler]...
7.5AI Score
0.095EPSS
Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack...
6.1AI Score
0.006EPSS
SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack...
8.8AI Score
0.01EPSS
Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack...
6.9AI Score
0.004EPSS