EUVD-2011-1682

Malware in sbrugna...

EUVD-2006-5307

Malware in sbrugna...

EUVD-2020-29413

Malware in sbrugna...

Design/Logic Flaw

An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified...

CVE-2023-27576

An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified...

PHPList Cross-Site Scripting Vulnerability

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "Add List" field under the "Import Email" module...

CVE-2021-3188

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports...

CVE-2020-12639

phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php...

phpList 3.5.0 - Authentication Bypass

Exploit Title: phpList 3.5.0 - Authentication Bypass Google Dork: N/A Date: 2020-02-03 Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/ Version: 3.5.0 Tested on: Linux CVE :...