CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 1CVE-2005-3557
https://notcve.org/view.php?id=CVE-2005-3557
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request. • http://osvdb.org/20569 http://secunia.com/advisories/17476 http://www.securityfocus.com/archive/1/416005/30/0/threaded http://www.securityfocus.com/bid/15350 http://www.trapkit.de/advisories/TKADV2005-11-001.txt http://www.vupen.com/english/advisories/2005/2345 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2005-3555 – PHPList Mailing List Manager 2.x - '/admin/admin.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3555
Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page. • https://www.exploit-db.com/exploits/26481 https://www.exploit-db.com/exploits/26482 http://osvdb.org/20567 http://osvdb.org/20568 http://secunia.com/advisories/17476 http://www.securityfocus.com/archive/1/416005/30/0/threaded http://www.securityfocus.com/bid/15350 http://www.trapkit.de/advisories/TKADV2005-11-001.txt http://www.vupen.com/english/advisories/2005/2345 •