Vulnerabilities > Phplist > Phplist > 3.5.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-27 | CVE-2020-23361 | Incorrect Comparison vulnerability in PHPlist 3.5.3 phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | 7.5 |
2020-07-08 | CVE-2020-15073 | Cross-site Scripting vulnerability in PHPlist An issue was discovered in phpList through 3.5.4. | 3.5 |
2020-07-08 | CVE-2020-15072 | SQL Injection vulnerability in PHPlist An issue was discovered in phpList through 3.5.4. | 6.5 |
2020-06-04 | CVE-2020-13827 | Cross-site Scripting vulnerability in PHPlist phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 6.1 |