Vulnerability Details CVE-2012-3953
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html
- http://osvdb.org/84483
- http://www.phplist.com/?lid=579
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77527
- https://www.htbridge.com/advisory/HTB23100
- http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html
- http://osvdb.org/84483
- http://www.phplist.com/?lid=579
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77527
- https://www.htbridge.com/advisory/HTB23100
Products affected by CVE-2012-3953
-
cpe:2.3:a:phplist:phplist:2.10.1
-
cpe:2.3:a:phplist:phplist:2.10.10
-
cpe:2.3:a:phplist:phplist:2.10.11
-
cpe:2.3:a:phplist:phplist:2.10.12
-
cpe:2.3:a:phplist:phplist:2.10.13
-
cpe:2.3:a:phplist:phplist:2.10.14
-
cpe:2.3:a:phplist:phplist:2.10.15
-
cpe:2.3:a:phplist:phplist:2.10.16
-
cpe:2.3:a:phplist:phplist:2.10.17
-
cpe:2.3:a:phplist:phplist:2.10.18
-
cpe:2.3:a:phplist:phplist:2.10.2
-
cpe:2.3:a:phplist:phplist:2.10.3
-
cpe:2.3:a:phplist:phplist:2.10.4
-
cpe:2.3:a:phplist:phplist:2.10.5
-
cpe:2.3:a:phplist:phplist:2.10.7
-
cpe:2.3:a:phplist:phplist:2.10.8
-
cpe:2.3:a:phplist:phplist:2.10.9
-
cpe:2.3:a:phplist:phplist:2.6.5
-
cpe:2.3:a:phplist:phplist:2.7.1
-
cpe:2.3:a:phplist:phplist:2.7.2
-
cpe:2.3:a:phplist:phplist:2.8.12
-
cpe:2.3:a:phplist:phplist:2.8.2
-
cpe:2.3:a:phplist:phplist:2.8.7