PT-2022-7903 · Phplist · Phplist

Tim Coen

Published

2022-06-10

Updated

2022-06-17

CVE-2017-20030

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHPList version 3.2.6

Description A critical issue has been found in the Sending Campain component of the file /lists/admin/, which can lead to sql injection. The manipulation can be launched remotely.

Recommendations For PHPList version 3.2.6, upgrade to version 3.3.1 to address this issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-20030

Affected Products

Phplist

PT-2022-7903 · Phplist · Phplist

CVE-2017-20030

Weakness Enumeration

Related Identifiers

Affected Products

References · 5