
13 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-6041

Malware in sbrugna...

CVSS 6.1, AI score 6.2, EPSS 0.0024
Exploits: 1, References: 3

RedhatCVE
added 2025/05/22 3:55 p.m., 4 views

CVE-2020-23361

phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters...

CVSS 9.8, AI score 7.1, EPSS 0.00363
Exploits: 1

RedhatCVE
added 2025/05/22 3:33 p.m., 3 views

CVE-2020-35708

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page...

CVSS 7.2, AI score 7.8, EPSS 0.00274
Exploits: 1

RedhatCVE
added 2025/05/22 12:10 p.m., 7 views

CVE-2012-2740

SQL injection vulnerability in publichtml/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action...

CVSS 7.5, AI score 8.7, EPSS 0.05047
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 1:55 a.m., 5 views

CVE-2017-20036

A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to persistent cross-site scripting. It is possible to launch the attack remotely. Upgrading to version...

CVSS 5.4, AI score 6.1, EPSS 0.00206
Exploits: 1, References: 1

OSV
added 2022/06/10 10:15 a.m., 0 views

CVE-2017-20035

A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to persistent cross-site scripting. The attack may be initiated remotely. Upgrading to...

CVSS 5.4, AI score 4.4
Exploits: 0, References: 2

Vulnrichment
added 2022/06/10 9:30 a.m., 8 views

CVE-2017-20032 PHPList Subscription sql injection

A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

CVSS 6.3, AI score 9.9, EPSS 0.00245
Exploits: 1, References: 2

CNNVD
added 2022/06/10 12:0 a.m., 2 views

phplist cross-site scripting vulnerability

phplist is a set of open source newsletter and email marketing software from phplist UK. phplist version 3.2.6 has a security vulnerability that can be exploited by attackers to conduct cross-site scripting attacks...

CVSS 5.4, AI score 5.2, EPSS 0.00206
Exploits: 1, References: 3

Positive Technologies
added 2021/07/06 12:0 a.m., 2 views

PT-2021-3849 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phplist version 3.5.1 Description: The issue is related to a lack of restrictions on file uploads in the phplist application, which can be exploited by uploading a malicious plugin containing PHP files with certain extensions, such as PHP,...

CVSS 9.8, AI score 9.8, EPSS 0.02647
Exploits: 1, References: 9

Positive Technologies
added 2021/07/01 12:0 a.m., 2 views

PT-2021-10858 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phplist version 3.5.3 Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Send test field under the Start or continue campaign module...

CVSS 5.4, AI score 5.4, EPSS 0.00286
Exploits: 1, References: 6

Prion
added 2020/12/25 6:15 a.m., 9 views

SQL injection

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page...

CVSS 6.5, AI score 7.3, EPSS 0.00274
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2020/12/25 12:0 a.m., 3 views

PT-2020-17397 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phpList version 3.5.9 Description: The issue allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. Recommendations: For phpList version 3.5.9, consider restricting access to t...

CVSS 7.2, AI score 7.4, EPSS 0.00274
Exploits: 1, References: 8

Positive Technologies
added 2020/05/18 12:0 a.m., 2 views

PT-2020-6385 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phplist version 3.5.3 Description: The issue is related to a lack of protection for the web page structure, allowing a remote attacker to perform cross-site scripting attacks. This can be achieved by creating a new username in the login name...

CVSS 4.9, AI score 4.9, EPSS 0.00257
Exploits: 1, References: 7