CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2006-5322
https://notcve.org/view.php?id=CVE-2006-5322
17 Oct 2006 — Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en phplist anterior a 2.10.3 permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores no especificados. • http://tincan.co.uk/?lid=1821 •
CVSS: 6.1EPSS: 11%CPEs: 8EXPL: 2CVE-2006-5294 – phpList 2.x - Public Pages MultipleCross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5294
16 Oct 2006 — Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en phplist anteriores a 2.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro unsubscribeemail. • https://www.exploit-db.com/exploits/28790 •
CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 3CVE-2006-1746
https://notcve.org/view.php?id=CVE-2006-1746
12 Apr 2006 — Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. Vulnerabilidad de salto de directorio en PHPList 2.10.2 y versiones anteriores permite a atacantes remotos inlcuir archivos locales arbitrarios a través de los parámetros (1) GLOBALS[database_module] o (2) GLOBALS[language_module], lo que sobrescribe la variab... • http://downloads.securityfocus.com/vulnerabilities/exploits/PHPList-lfi.php • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 2%CPEs: 1EXPL: 3CVE-2005-3555 – PHPList Mailing List Manager 2.x - '/admin/admin.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3555
16 Nov 2005 — Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page. • https://www.exploit-db.com/exploits/26481 •
CVSS: 4.8EPSS: 4%CPEs: 1EXPL: 4CVE-2005-3556 – PHPList Mailing List Manager 2.x - '/admin/configure.php?id' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3556
16 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) ac... • https://www.exploit-db.com/exploits/26484 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2005-3557
https://notcve.org/view.php?id=CVE-2005-3557
16 Nov 2005 — Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request. • http://osvdb.org/20569 •