EUVD-2009-4037

Malware in sbrugna...

Drupal PHPlist Integration Module SQL Injection Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. phpList Integration is one of the modules that provides integration functionality between the Drupal website and the phpList Communication Manager. A SQL injection vulnerability exists...

CVE-2015-3345

SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database."...

Sql injection

SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database."...

CVE-2015-3345

The CVE-2015-3345 issue affects the Drupal PHPlist Integration Module (6.x-1.x) before 6.x-1.7. The vulnerability is an SQL injection that could allow remote administrators to execute arbitrary SQL commands via the phpList database. Root cause: the module’s integration points expose the Drupal/da...

SA-CONTRIB-2015-003 - PHPlist Integration Module - SQL Injection

The PHPlist Integration module provides an integration between a Drupal website and phpList newsletter manager. The module provides two main features: user sync and sending a node as a newsletter. The module introduces a SQL Injection vulnerability to the phpList database. The Drupal database is...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to 1 subscribing or 2 unsubscribing to...

CVE-2009-4066

Multiple cross-site request forgery CSRF vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to 1 subscribing or 2 unsubscribing to...

CVE-2009-4066

CVE-2009-4066 describes multiple CSRF vulnerabilities in the Drupal PHPList Integration module’s "My Account" feature. Affected products are Drupal modules: PHPList Integration 5.x (before 5.x-1.2) and 6.x (before 6.x-1.1). The underlying issue allows remote attackers to hijack the authentication...

SA-CONTRIB-2009-102 - PHPList Integration Module - Cross Site Request Forgery

The PHPList module provides a basic level of integration between Drupal and the PHPList mailing list application. The Drupal Forms API protects against cross site request forgeries CSRF, where a malicious site can cause a user to unintentionally submit a form to a site where they are authenticate...