Vulnerabilities > CVE-2021-3188 - Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPlist 3.6.0

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
phplist
CWE-1236
critical

Summary

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.

Vulnerable Configurations

Part Description Count
Application
Phplist
1