Published: 12/08/2012 Updated: 29/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in admin/index.php in phpList prior to 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phplist phplist 2.10.12
phplist phplist 2.10.11
phplist phplist 2.10.3
phplist phplist 2.10.2
phplist phplist 2.6.5
phplist phplist
phplist phplist 2.10.10
phplist phplist 2.10.9
phplist phplist 2.10.1
phplist phplist 2.8.12
phplist phplist 2.10.15
phplist phplist 2.10.14
phplist phplist 2.10.13
phplist phplist 2.10.5
phplist phplist 2.10.4
phplist phplist 2.7.2
phplist phplist 2.7.1
phplist phplist 2.10.17
phplist phplist 2.10.16
phplist phplist 2.10.8
phplist phplist 2.10.7
phplist phplist 2.8.7
phplist phplist 2.8.2

source: wwwsecurityfocuscom/bid/54912/info PHPList is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying ...

phpList version 21018 suffers from cross site scripting and remote SQL injection vulnerabilities ...

CWE-89 http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html http://osvdb.org/84483 http://www.phplist.com/?lid=579 https://www.htbridge.com/advisory/HTB23100 https://exchange.xforce.ibmcloud.com/vulnerabilities/77527 https://nvd.nist.gov https://www.exploit-db.com/exploits/37613/

CVE-2012-3953

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect