CVE-2014-2916

Name of the Vulnerable Software and Affected Versions phpList versions prior to 3.0.6

Description A cross-site request forgery (CSRF) issue exists in the subscription page editor (spageedit) of phpList, allowing remote attackers to hijack the authentication of administrators via a request to "admin/".

Recommendations For versions prior to 3.0.6, update to version 3.0.6 or later to resolve the issue.