PT-2021-3849 · Phplist · Phplist

Published: 2021-07-06 · Updated: 2024-03-06 · CVE-2020-22249

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: phplist version 3.5.1

Description: The issue stems from a lack of restrictions on file uploads in the phplist application. It can be exploited by uploading a malicious plugin containing PHP files with extensions that the web server passes to the PHP handler, such as .php, .phtml or .php7, which leads to remote code execution. The vulnerability allows a remote attacker to execute arbitrary code by uploading a malicious plugin.

Recommendations: For phplist version 3.5.1, consider disabling the plugin upload feature until a patch is available to prevent exploitation of this issue. Restrict access to the plugins directory to minimize the risk of exploitation. Avoid using the plugin upload feature with untrusted or unknown plugins. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
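Since phplist plugins are PHP code by design, the practical defender control that complements the recommendations above is to know exactly which PHP-executable files live in the plugins directory and to notice when one appears or changes. The following Python script is an added example, not code from this advisory or from phplist: it inventories files with the extensions the advisory names (php, phtml, php7) under a plugins directory, records their SHA-256 hashes as an approved baseline, and reports anything added, removed or modified. The plugin name, file contents and directory layout are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the advisory names as executed by the PHP handler.
PHP_EXTENSIONS = {"php", "phtml", "php7"}


def is_php_executable(path: Path, extensions=PHP_EXTENSIONS) -> bool:
    """True if any suffix (case-insensitive) is a PHP handler extension,
    so 'x.PHP' and double extensions such as 'x.php.txt' are both caught."""
    return any(s.lstrip(".").lower() in extensions for s in path.suffixes)


def inventory(plugins_dir: str) -> dict:
    """Map each PHP-executable file under plugins_dir (relative POSIX path) to its SHA-256."""
    root = Path(plugins_dir)
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and is_php_executable(p):
            result[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return result


def diff_inventory(baseline: dict, current: dict) -> dict:
    """Report files added, removed or changed relative to an approved baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed scenario: approve one plugin, then an unexpected file lands and an
    approved file is altered; both must show up in the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp) / "examplePlugin"          # constructed plugin name
        plugin.mkdir()
        (plugin / "examplePlugin.php").write_text("<?php // approved plugin\n")
        (plugin / "README.md").write_text("docs, not executable by PHP\n")
        baseline = inventory(tmp)                     # snapshot taken at approval time
        # Simulate an unapproved upload and a modification after the baseline.
        (plugin / "uploaded.PHTML").write_text("<?php // not in baseline\n")
        (plugin / "examplePlugin.php").write_text("<?php // modified after approval\n")
        return diff_inventory(baseline, inventory(tmp))
```

Run the baseline once after a reviewed plugin installation and schedule the diff; any non-empty "added" or "changed" list is a signal worth investigating.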

Tags: Exploit · RCE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: BDU:2021-04205, BIT-PHPLIST-2020-22249, CVE-2020-22249

Affected Products: Phplist