Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

phplist phplist 2.10.2 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2006-5524
Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote malicious users to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321.
Phplist Phplist 2.10.2
NA
CVE-2012-2740
SQL injection vulnerability in public_html/lists/admin in phpList prior to 2.10.18 allows remote malicious users to execute arbitrary SQL commands via the sortby parameter in a find action.
Phplist Phplist 2.10.13Phplist Phplist 2.10.16Phplist Phplist 2.10.15Phplist Phplist 2.10.14Phplist Phplist 2.10.9Phplist Phplist 2.10.8Phplist Phplist 2.10.7Phplist Phplist 2.10.5Phplist Phplist 2.10.4Phplist Phplist 2.10.11Phplist Phplist 2.10.3Phplist Phplist 2.10.1Phplist Phplist 2.10.12Phplist Phplist 2.10.10Phplist Phplist 2.10.2Phplist Phplist
NA
CVE-2012-2741
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList prior to 2.10.18 allows remote malicious users to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.
Phplist Phplist 2.10.12Phplist Phplist 2.10.10Phplist Phplist 2.10.2Phplist PhplistPhplist Phplist 2.10.16Phplist Phplist 2.10.15Phplist Phplist 2.10.14Phplist Phplist 2.10.13Phplist Phplist 2.10.8Phplist Phplist 2.10.7Phplist Phplist 2.10.5Phplist Phplist 2.10.4Phplist Phplist 2.10.11Phplist Phplist 2.10.9Phplist Phplist 2.10.3Phplist Phplist 2.10.1
NA
CVE-2008-6178
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote malicious users to execute arbitrary code by creating a file with PHP sequences preceded by...
Phplist Phplist 2.10.1Fckeditor Fckeditor 2.4.3Phplist Phplist 2.10.5Phplist Phplist 2.10.4Fckeditor Fckeditor 2.3betaFckeditor Fckeditor 2.0rc2Fckeditor Fckeditor 2.0rc3Fckeditor Fckeditor 2.2Phplist Phplist 2.10.3Phplist Phplist 2.10.2Phplist Phplist 2.10.6
NA
CVE-2012-4246
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList prior to 2.10.19 allow remote malicious users to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.
Phplist Phplist 2.10.14Phplist Phplist 2.10.12Phplist Phplist 2.10.4Phplist Phplist 2.10.2Phplist Phplist 2.7.2Phplist Phplist 2.6.5Phplist Phplist 2.10.11Phplist Phplist 2.10.10Phplist Phplist 2.10.9Phplist Phplist 2.10.8Phplist Phplist 2.10.7Phplist PhplistPhplist Phplist 2.10.17Phplist Phplist 2.10.16Phplist Phplist 2.10.1Phplist Phplist 2.8.12Phplist Phplist 2.8.7Phplist Phplist 2.8.2Phplist Phplist 2.10.15Phplist Phplist 2.10.13Phplist Phplist 2.10.5Phplist Phplist 2.10.3
NA
CVE-2012-3952
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList prior to 2.10.19 allows remote malicious users to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
Phplist PhplistPhplist Phplist 2.10.10Phplist Phplist 2.10.9Phplist Phplist 2.10.1Phplist Phplist 2.8.12Phplist Phplist 2.10.17Phplist Phplist 2.10.16Phplist Phplist 2.10.8Phplist Phplist 2.10.7Phplist Phplist 2.8.7Phplist Phplist 2.8.2Phplist Phplist 2.10.12Phplist Phplist 2.10.11Phplist Phplist 2.10.3Phplist Phplist 2.10.2Phplist Phplist 2.6.5Phplist Phplist 2.10.15Phplist Phplist 2.10.14Phplist Phplist 2.10.13Phplist Phplist 2.10.5Phplist Phplist 2.10.4Phplist Phplist 2.7.2
NA
CVE-2012-3953
SQL injection vulnerability in admin/index.php in phpList prior to 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
Phplist Phplist 2.10.12Phplist Phplist 2.10.11Phplist Phplist 2.10.3Phplist Phplist 2.10.2Phplist Phplist 2.6.5Phplist PhplistPhplist Phplist 2.10.10Phplist Phplist 2.10.9Phplist Phplist 2.10.1Phplist Phplist 2.8.12Phplist Phplist 2.10.15Phplist Phplist 2.10.14Phplist Phplist 2.10.13Phplist Phplist 2.10.5Phplist Phplist 2.10.4Phplist Phplist 2.7.2Phplist Phplist 2.7.1Phplist Phplist 2.10.17Phplist Phplist 2.10.16Phplist Phplist 2.10.8Phplist Phplist 2.10.7Phplist Phplist 2.8.7
NA
CVE-2012-4247
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList prior to 2.10.19 allow remote malicious users to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_pre...
Phplist Phplist 2.10.16Phplist Phplist 2.10.14Phplist Phplist 2.10.7Phplist Phplist 2.10.4Phplist Phplist 2.7.2Phplist Phplist 2.6.5Phplist Phplist 2.10.12Phplist Phplist 2.10.11Phplist Phplist 2.10.10Phplist Phplist 2.10.9Phplist PhplistPhplist Phplist 2.10.17Phplist Phplist 2.10.2Phplist Phplist 2.10.1Phplist Phplist 2.8.12Phplist Phplist 2.8.7Phplist Phplist 2.10.15Phplist Phplist 2.10.13Phplist Phplist 2.10.8Phplist Phplist 2.10.5Phplist Phplist 2.10.3Phplist Phplist 2.8.2
NA
CVE-2009-0422
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and previous versions, when register_globals is disabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] paramet...
Tincan Phplist 2.7.2Tincan Phplist 2.8.2Tincan Phplist 2.10.6Tincan Phplist 2.10.7Tincan Phplist 2.6.0Tincan Phplist 2.5.8Tincan Phplist 2.5.0Tincan Phplist 2.4.0Tincan Phplist 2.2.1Tincan Phplist 2.2.0Tincan Phplist 1.9.1Tincan Phplist 1.9.0Tincan Phplist 2.8.12Tincan Phplist 2.10.1Tincan Phplist 2.8.7Tincan Phplist 2.6.4Tincan Phplist 2.5.7Tincan Phplist 2.5.6Tincan Phplist 2.3.4Tincan Phplist 2.4.7Tincan Phplist 2.1.4Tincan Phplist 2.1.3
NA
CVE-2008-5887
phplist prior to 2.10.8 allows remote malicious users to include files via unknown vectors, related to a "local file include vulnerability."
Tincan Phplist 2.6.5Tincan Phplist 2.7.1Tincan Phplist 2.10.4Tincan Phplist 2.10.5Tincan Phplist 2.6.3Tincan Phplist 2.6.0Tincan Phplist 2.5.1Tincan Phplist 2.5.0Tincan Phplist 2.3.0Tincan Phplist 2.2.1Tincan Phplist 1.9.2Tincan Phplist 1.9.1Tincan Phplist 1.6.0Tincan Phplist 1.5.1Tincan Phplist 1.1.5Tincan Phplist 1.1.5bTincan Phplist 2.8.12Tincan Phplist 2.10.1Tincan Phplist 2.6.4Tincan Phplist 2.6.2Tincan Phplist 2.5.6Tincan Phplist 2.5.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook