Description phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. Remediation References CVE-2021-3188 Related Vulnerabilities WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2) WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Multiple Security Bypass Vulnerabilities (1.9.16) Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2011-3192) Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000355) Django Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-3444) Severity Critical Classification CVE-2021-3188 CWE-1236 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities