Vulnerabilities > Phplist > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-18 | CVE-2023-27576 | Unspecified vulnerability in PHPlist 3.6.12 An issue was discovered in phpList before 3.6.14. | 6.7 |
| 2022-06-10 | CVE-2017-20030 | SQL Injection vulnerability in PHPlist 3.2.6 A vulnerability was found in PHPList 3.2.6. | 6.5 |
| 2022-06-10 | CVE-2017-20031 | Unspecified vulnerability in PHPlist 3.2.6 A vulnerability was found in PHPList 3.2.6. | 4.0 |
| 2022-06-10 | CVE-2017-20033 | Cross-site Scripting vulnerability in PHPlist 3.2.6 A vulnerability classified as problematic has been found in PHPList 3.2.6. | 4.3 |
| 2020-12-25 | CVE-2020-35708 | SQL Injection vulnerability in PHPlist 3.5.9 phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | 6.5 |
| 2020-07-08 | CVE-2020-15072 | SQL Injection vulnerability in PHPlist An issue was discovered in phpList through 3.5.4. | 6.5 |
| 2020-06-04 | CVE-2020-13827 | Cross-site Scripting vulnerability in PHPlist phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 6.1 |
| 2020-05-04 | CVE-2020-12639 | Cross-site Scripting vulnerability in PHPlist phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | 4.3 |
| 2014-05-05 | CVE-2014-2916 | Cross-Site Request Forgery (CSRF) vulnerability in PHPlist Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. | 6.8 |
| 2012-09-06 | CVE-2012-2741 | Cross-Site Scripting vulnerability in PHPlist Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action. | 4.3 |