Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phplist vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-13827
phpList prior to 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.
Phplist Phplist
6.1
CVSSv3
CVE-2020-12639
phpList prior to 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.
Phplist Phplist
5.4
CVSSv3
CVE-2020-23192
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module.
Phplist Phplist
8.8
CVSSv3
CVE-2020-15072
An issue exists in phpList up to and including 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
Phplist Phplist
5.4
CVSSv3
CVE-2020-36398
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.
Phplist Phplist
5.4
CVSSv3
CVE-2020-15073
An issue exists in phpList up to and including 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
Phplist Phplist
NA
CVE-2006-5524
Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote malicious users to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321.
Phplist Phplist 2.10.2
1 EDB exploit
9.8
CVSSv3
CVE-2020-22249
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which woul...
Phplist Phplist 3.5.1
9.8
CVSSv3
CVE-2017-20029
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been d...
Phplist Phplist 3.2.6
7.2
CVSSv3
CVE-2017-20030
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been ...
Phplist Phplist 3.2.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »