CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15072
https://notcve.org/view.php?id=CVE-2020-15072
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. Se detectó un problema en phpList versiones hasta 3.5.4. Una vulnerabilidad de Inyección SQL basada en errores por medio de la sección Import Administrators • https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377 https://www.phplist.org/newslist/phplist-3-5-5-release-notes • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15073
https://notcve.org/view.php?id=CVE-2020-15073
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section. Se detectó un problema en phpList versiones hasta 3.5.4. Se produce una vulnerabilidad de tipo XSS en la sección Import Administrators mediante la carga de un documento de texto editado. • https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377 https://www.phplist.org/newslist/phplist-3-5-5-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13827
https://notcve.org/view.php?id=CVE-2020-13827
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. phpList versiones anteriores a 3.5.4, permite un ataque de tipo XSS por medio de los archivos /lists/admin/user.php y /lists/admin/users.php • https://www.phplist.org/newslist/phplist-3-5-4-release-notes https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12639
https://notcve.org/view.php?id=CVE-2020-12639
phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. phpList versiones anteriores a la versión 3.5.3, permiten un ataque de tipo XSS, dando como resultado una ascenso de privilegios, por medio del archivo lists/admin/template.php. • https://github.com/phpList/phplist3/compare/3.5.2...3.5.3 https://www.phplist.org/newslist/phplist-3-5-3-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2014-2916
https://notcve.org/view.php?id=CVE-2014-2916
Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. Vulnerabilidad de CSRF en el editor de página de suscripción en phpList anterior a 3.0.6 permite a atacantes remotos secuestrar la autenticación de administradores a través de una solicitud hacia admin/. • http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html http://secunia.com/advisories/57893 http://www.phplist.com/?lid=638 http://www.securitytracker.com/id/1030191 • CWE-352: Cross-Site Request Forgery (CSRF) •