CVE-2015-3345

SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database."...

CVE-2015-3345

The CVE-2015-3345 issue affects the Drupal PHPlist Integration Module (6.x-1.x) before 6.x-1.7. The vulnerability is an SQL injection that could allow remote administrators to execute arbitrary SQL commands via the phpList database. Root cause: the module’s integration points expose the Drupal/da...

SA-CONTRIB-2015-003 - PHPlist Integration Module - SQL Injection

The PHPlist Integration module provides an integration between a Drupal website and phpList newsletter manager. The module provides two main features: user sync and sending a node as a newsletter. The module introduces a SQL Injection vulnerability to the phpList database. The Drupal database is...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to 1 subscribing or 2 unsubscribing to...

SA-CONTRIB-2009-102 - PHPList Integration Module - Cross Site Request Forgery

The PHPList module provides a basic level of integration between Drupal and the PHPList mailing list application. The Drupal Forms API protects against cross site request forgeries CSRF, where a malicious site can cause a user to unintentionally submit a form to a site where they are authenticate...