Description

An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission.

Remediation

References

CVE-2023-27576

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1812)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1029)

WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.15.2)

WordPress Plugin iThemes Exchange:Simple WP Ecommerce Cross-Site Scripting (1.11.18)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2202)

Severity

Medium

Classification

CVE-2023-27576 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities