Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phplist phplist 3.5.1 |