Filtered by vendor Phplist
Subscribe
Total
39 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-23208 | 1 Phplist | 1 Phplist | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module. | |||||
CVE-2020-23361 | 1 Phplist | 1 Phplist | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | |||||
CVE-2021-3188 | 1 Phplist | 1 Phplist | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. | |||||
CVE-2020-35708 | 1 Phplist | 1 Phplist | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | |||||
CVE-2020-15073 | 1 Phplist | 1 Phplist | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section. | |||||
CVE-2020-15072 | 1 Phplist | 1 Phplist | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. | |||||
CVE-2020-12639 | 1 Phplist | 1 Phplist | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | |||||
CVE-2020-13827 | 1 Phplist | 1 Phplist | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | |||||
CVE-2020-8547 | 1 Phplist | 1 Phplist | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | |||||
CVE-2014-2916 | 1 Phplist | 1 Phplist | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. | |||||
CVE-2012-4246 | 1 Phplist | 1 Phplist | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page. | |||||
CVE-2012-3952 | 1 Phplist | 1 Phplist | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. | |||||
CVE-2012-4247 | 1 Phplist | 1 Phplist | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page. | |||||
CVE-2012-3953 | 1 Phplist | 1 Phplist | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | |||||
CVE-2012-2740 | 1 Phplist | 1 Phplist | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. | |||||
CVE-2012-2741 | 1 Phplist | 1 Phplist | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action. | |||||
CVE-2008-6178 | 2 Fckeditor, Phplist | 2 Fckeditor, Phplist | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-5524 | 1 Phplist | 1 Phplist | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. | |||||
CVE-2004-2744 | 1 Phplist | 1 Mailing List Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." |