2 matches found
CVE-2006-3482
The CVE-2006-3482 entry details a cross-site scripting (XSS) vulnerability in PHPMailList’s maillist.php file, affecting PHPMailList 1.8.0 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the email parameter, indicating a client-side impact on web applicati...
CVE-2006-3483
PHPMailList 1.8.0 is affected. The issue is insufficient access control that allows remote attackers to directly access sensitive files (list.dat, ml_config.dat) under the web root, exposing subscriber email addresses, configuration information, and admin credentials. This is tied to the CVE-2006...