Vulnerabilities > Phplist > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-10 | CVE-2017-20029 | SQL Injection vulnerability in PHPlist 3.2.6 A vulnerability was found in PHPList 3.2.6 and classified as critical. | 9.8 |
| 2022-06-10 | CVE-2017-20032 | SQL Injection vulnerability in PHPlist 3.2.6 A vulnerability was found in PHPList 3.2.6. | 9.8 |
| 2021-07-06 | CVE-2020-22249 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPlist 3.5.1 Remote Code Execution vulnerability in phplist 3.5.1. | 9.8 |
| 2021-01-27 | CVE-2020-23361 | Unspecified vulnerability in PHPlist 3.5.3 phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | 9.8 |
| 2021-01-26 | CVE-2021-3188 | Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPlist 3.6.0 phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. | 9.8 |
| 2020-02-03 | CVE-2020-8547 | Unspecified vulnerability in PHPlist 3.5.0 phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | 9.8 |