Description

An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission.

Remediation

References

CVE-2023-27576

Related Vulnerabilities

MySQL CVE-2012-0574 Vulnerability (CVE-2012-0574)

MySQL CVE-2020-2806 Vulnerability (CVE-2020-2806)

WordPress Plugin FAQs Manager Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.0)

WildFly Application Server Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2016-4993)

WordPress Other Vulnerability (CVE-2007-1894)

Severity

Medium

Classification

CVE-2023-27576 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities