Vulnerabilities > Tincan > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-02-05 | CVE-2009-0422 | Code Injection vulnerability in Tincan PHPlist Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. | 7.5 |
2006-10-17 | CVE-2006-5322 | SQL-Injection vulnerability in PHPlist Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2005-08-03 | CVE-2005-2432 | SQL Injection vulnerability in PHPList Admin Page SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin. | 7.5 |