Shodan
Vulnerabilities
Vulnerable Software
Phplist:  >> Phplist  >> 2.10.17  Security Vulnerabilities
CVE-2020-12639
phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-05-04
CVE-2014-2916
Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/.
CVSS Score
6.8
EPSS Score
0.002
Published
2014-05-05
CVE-2012-2740
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
CVSS Score
7.5
EPSS Score
0.032
Published
2012-09-06
CVE-2012-2741
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.
CVSS Score
4.3
EPSS Score
0.08
Published
2012-09-06
CVE-2012-4246
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.
CVSS Score
4.3
EPSS Score
0.057
Published
2012-08-12
CVE-2012-4247
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page.
CVSS Score
4.3
EPSS Score
0.048
Published
2012-08-12
CVE-2012-3952
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
CVSS Score
2.6
EPSS Score
0.066
Published
2012-08-12
CVE-2012-3953
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
CVSS Score
7.5
EPSS Score
0.006
Published
2012-08-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved