Page 3 of 14 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. phpList versión 3.5.3, permite el malabarismo de tipos para la omisión de inicio de sesión porque es usado == en lugar de === para los hashes de contraseña, que maneja inapropiadamente los hashes que comienzan con 0e seguidos de caracteres exclusivamente numéricos • https://github.com/phpList/phplist3/issues/668 •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. Se detectó un problema en phpList versiones hasta 3.5.4. Una vulnerabilidad de Inyección SQL basada en errores por medio de la sección Import Administrators • https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377 https://www.phplist.org/newslist/phplist-3-5-5-release-notes • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section. Se detectó un problema en phpList versiones hasta 3.5.4. Se produce una vulnerabilidad de tipo XSS en la sección Import Administrators mediante la carga de un documento de texto editado. • https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377 https://www.phplist.org/newslist/phplist-3-5-5-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. phpList versiones anteriores a 3.5.4, permite un ataque de tipo XSS por medio de los archivos /lists/admin/user.php y /lists/admin/users.php • https://www.phplist.org/newslist/phplist-3-5-4-release-notes https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •