Description

SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.

Remediation

References

CVE-2012-2740

Related Vulnerabilities

Drupal CVE-2017-6925 Vulnerability (CVE-2017-6925)

MySQL CVE-2016-0607 Vulnerability (CVE-2016-0607)

WordPress 5.4.x Prototype Pollution (5.4 - 5.4.9)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8419)

Apache Tomcat Improper Certificate Validation Vulnerability (CVE-2018-8034)

Severity

High

Classification

CVE-2012-2740 CWE-138

Tags

Missing Update Known Vulnerabilities