Description
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2006-0267 Vulnerability (CVE-2006-0267)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-6211)
WordPress Plugin Mailing List 'wpabspath' Parameter Remote File Include (1.3.3)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2015-3416)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-0987)