Vulnerabilities > CVE-2021-3188 - Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPlist 3.6.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
phplist
CWE-1236
critical

Summary

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.

Vulnerable Configurations

Part Description Count
Application
Phplist
1