Published: 13/04/2011 Updated: 09/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList prior to 2.10.13 allow remote malicious users to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tincan phplist 2.8.2
tincan phplist 2.8.12
tincan phplist 2.10.7
tincan phplist 2.10.8
tincan phplist 2.6.1
tincan phplist 2.6
tincan phplist 2.5.3
tincan phplist 2.5.2
tincan phplist 2.3.2
tincan phplist 2.3.1
tincan phplist 2.1.0
tincan phplist 1.9.3
tincan phplist 1.6.3
tincan phplist 1.6.1
tincan phplist 2.6.5
tincan phplist 2.7.1
tincan phplist 2.7.2
tincan phplist 2.10.5
tincan phplist 2.10.6
tincan phplist 2.6.4
tincan phplist 2.6.2
tincan phplist 2.5.5
tincan phplist 2.5.4
tincan phplist 2.4.7
tincan phplist 2.3.3
tincan phplist 2.1.3
tincan phplist 2.1.1
tincan phplist 1.7.0
tincan phplist 1.6.4
tincan phplist 1.3.7
tincan phplist 1.3.5
tincan phplist 1.1.2b
tincan phplist 1.0.1
tincan phplist 1.1.7
tincan phplist 1.1.6
tincan phplist 1.0
tincan phplist
tincan phplist 2.9.5
tincan phplist 2.10.1
tincan phplist 2.10.2
tincan phplist 2.10.9
tincan phplist 2.10.10
tincan phplist 2.6.3
tincan phplist 2.6.0
tincan phplist 2.5.1
tincan phplist 2.5.0
tincan phplist 2.3.0
tincan phplist 2.2.1
tincan phplist 1.9.2
tincan phplist 1.9.1
tincan phplist 1.9.0
tincan phplist 1.6.0
tincan phplist 1.5.1
tincan phplist 1.1.5
tincan phplist 1.1.5b
tincan phplist 2.9.4
tincan phplist 2.9.3
tincan phplist 2.10.3
tincan phplist 2.10.4
tincan phplist 2.10.11
tincan phplist 2.8.7
tincan phplist 2.5.8
tincan phplist 2.5.7
tincan phplist 2.5.6
tincan phplist 2.4.0
tincan phplist 2.3.4
tincan phplist 2.2.0
tincan phplist 2.1.4
tincan phplist 1.8.0
tincan phplist 1.7.1
tincan phplist 1.5.0
tincan phplist 1.4.1
tincan phplist 1.1.4b
tincan phplist 1.1.3b

+-------------------------------------------------------------------------+ # Exploit Title : phplist - version 2109 CSRF/XSS Vulnerability # version : 2109 # Author : Cyber-Crystal ...

CWE-352 http://int21.de/cve/CVE-2011-0748-phplist.html http://www.phplist.com/?lid=516 http://secunia.com/advisories/44041 http://securityreason.com/securityalert/8199 http://www.exploit-db.com/exploits/18419 http://osvdb.org/78549 http://www.securityfocus.com/bid/51681 https://exchange.xforce.ibmcloud.com/vulnerabilities/72746 http://www.securityfocus.com/archive/1/517400/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/18419/

CVE-2011-0748

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect