14 matches found
CVE-2017-20029
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2017-20036
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting Persistent. It is possible to launch the attack remotely. Upgrading to version...
CVE-2017-20030
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2017-20029
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2017-20031
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been...
CVE-2017-20035
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting Persistent. The attack may be initiated remotely. Upgrading to...
CVE-2017-20033
A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send'";alert8 leads to cross site scripting Reflected. It is possible to initiate the attack remotely. Upgrading...
Sql injection
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
Cross site scripting
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...
Cross site scripting
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting Persistent. It is possible to launch the attack remotely. Upgrading to version...
CVE-2017-20036
PHPList 3.2.6 contains a Persistent cross-site scripting (XSS) vulnerability in the Bounce Rule component (file /lists/admin/). The issue is exploitable remotely and affects an unknown function of that file; upgrading to version 3.3.1 is stated as the fix. Several connected sources corroborate th...
CVE-2017-20035 PHPList Subscribe Persistent cross site scriting
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting Persistent. The attack may be initiated remotely. Upgrading to...
CVE-2017-20034 PHPList List Name Persistent cross site scriting
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting Persistent. The attack can be initiated remotely. Upgrading to version 3.3.1 is able t...
phplist 3.2.6 - SQL Injection
Introduction Affected Product: phplist 3.2.6 Fixed in: 3.3.1 Fixed Version Link: https://sourceforge.net/projects/phplist/files/phplist/3.3.1/phplist-3.3.1.zip/download Vendor Website: https://www.phplist.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor:...