Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phplist vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-36399
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module.
Phplist Phplist
3.5
CVSSv2
CVE-2020-23192
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module.
Phplist Phplist
3.5
CVSSv2
CVE-2020-23194
A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Phplist Phplist
6.5
CVSSv2
CVE-2020-15072
An issue exists in phpList up to and including 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
Phplist Phplist
3.5
CVSSv2
CVE-2020-15073
An issue exists in phpList up to and including 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
Phplist Phplist
4.3
CVSSv2
CVE-2020-13827
phpList prior to 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.
Phplist Phplist
7.5
CVSSv2
CVE-2020-22249
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which woul...
Phplist Phplist 3.5.1
10
CVSSv2
CVE-2021-3188
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
Phplist Phplist 3.6.0
7.5
CVSSv2
CVE-2017-20029
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been d...
Phplist Phplist 3.2.6
6.5
CVSSv2
CVE-2017-20030
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been ...
Phplist Phplist 3.2.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »