Vulnerabilities > Tincan > Phplist > High

DATE CVE VULNERABILITY TITLE RISK
2009-02-05 CVE-2009-0422 Code Injection vulnerability in Tincan PHPlist
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.
network
low complexity
tincan CWE-94
7.5
7.5
2006-10-17 CVE-2006-5322 SQL-Injection vulnerability in PHPlist
Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
tincan
7.5
7.5
2005-08-03 CVE-2005-2432 SQL Injection vulnerability in PHPList Admin Page
SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.
network
low complexity
tincan
7.5
7.5