Vulnerabilities > Phplist
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-06 | CVE-2012-2741 | Cross-Site Scripting vulnerability in PHPlist Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action. | 4.3 |
| 2012-09-06 | CVE-2012-2740 | SQL Injection vulnerability in PHPlist SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. | 7.5 |
| 2012-08-12 | CVE-2012-4247 | Cross-Site Scripting vulnerability in PHPlist Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page. | 4.3 |
| 2012-08-12 | CVE-2012-4246 | Cross-Site Scripting vulnerability in PHPlist Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page. | 4.3 |
| 2012-08-12 | CVE-2012-3953 | SQL Injection vulnerability in PHPlist SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | 7.5 |
| 2012-08-12 | CVE-2012-3952 | Cross-Site Scripting vulnerability in PHPlist Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. | 2.6 |
| 2009-02-19 | CVE-2008-6178 | Code Injection vulnerability in multiple products Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. | 7.5 |
| 2006-10-26 | CVE-2006-5524 | Unspecified vulnerability in PHPlist 2.10.2 Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. network phplist | 6.8 |
| 2004-12-31 | CVE-2004-2744 | Remote Security vulnerability in Mailing List Manager Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." | 5.0 |