Vulnerabilities > Phplist > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-10 CVE-2017-20029 SQL Injection vulnerability in PHPlist 3.2.6
A vulnerability was found in PHPList 3.2.6 and classified as critical.
network
low complexity
phplist CWE-89
7.5
7.5
2022-06-10 CVE-2017-20032 SQL Injection vulnerability in PHPlist 3.2.6
A vulnerability was found in PHPList 3.2.6.
network
low complexity
phplist CWE-89
7.5
7.5
2021-07-06 CVE-2020-22249 Unrestricted Upload of File with Dangerous Type vulnerability in PHPlist 3.5.1
Remote Code Execution vulnerability in phplist 3.5.1.
network
low complexity
phplist CWE-434
7.5
7.5
2021-01-27 CVE-2020-23361 Incorrect Comparison vulnerability in PHPlist 3.5.3
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
network
low complexity
phplist CWE-697
7.5
7.5
2020-02-03 CVE-2020-8547 Type Confusion vulnerability in PHPlist 3.5.0
phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
network
low complexity
phplist CWE-843
7.5
7.5
2012-09-06 CVE-2012-2740 SQL Injection vulnerability in PHPlist
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
network
low complexity
phplist CWE-89
7.5
7.5
2012-08-12 CVE-2012-3953 SQL Injection vulnerability in PHPlist
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
network
low complexity
phplist CWE-89
7.5
7.5
2009-02-19 CVE-2008-6178 Code Injection vulnerability in multiple products
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094.
network
low complexity
fckeditor phplist CWE-94
7.5
7.5