Filtered by vendor Phplist
Subscribe
Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2916 | 1 Phplist | 1 Phplist | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. | |||||
| CVE-2012-3953 | 1 Phplist | 1 Phplist | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | |||||
| CVE-2012-2740 | 1 Phplist | 1 Phplist | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. | |||||
| CVE-2012-2741 | 1 Phplist | 1 Phplist | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action. | |||||
| CVE-2012-3952 | 1 Phplist | 1 Phplist | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. | |||||
| CVE-2012-4247 | 1 Phplist | 1 Phplist | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page. | |||||
| CVE-2012-4246 | 1 Phplist | 1 Phplist | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page. | |||||
| CVE-2008-6178 | 2 Fckeditor, Phplist | 2 Fckeditor, Phplist | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5524 | 1 Phplist | 1 Phplist | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. | |||||
| CVE-2004-2744 | 1 Phplist | 1 Mailing List Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." | |||||
| CVE-2021-3188 | 1 Phplist | 1 Phplist | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. | |||||
| CVE-2020-8547 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | |||||
| CVE-2020-36399 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. | |||||
| CVE-2020-36398 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. | |||||
| CVE-2020-35708 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | |||||
| CVE-2020-23361 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | |||||
| CVE-2020-23217 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. | |||||
| CVE-2020-23214 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module. | |||||
| CVE-2020-23209 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module. | |||||
| CVE-2020-23208 | 1 Phplist | 1 Phplist | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module. | |||||