Description

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

Remediation

References

CVE-2020-15011

Related Vulnerabilities

Magento Cryptographic Issues Vulnerability (CVE-2019-7855)

Apache Tomcat version older than 6.0.10

Oracle Database Server CVE-2008-0344 Vulnerability (CVE-2008-0344)

WordPress Plugin Gravity Forms Arbitrary File Upload (1.8.19)

WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0)

Severity

Medium

Classification

CVE-2020-15011 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities