Description

SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.

Remediation

References

CVE-2012-2740

Related Vulnerabilities

WordPress Plugin Share on Diaspora Cross-Site Scripting (0.7.1)

WordPress Plugin Calendar Event Multi View Unspecified Vulnerability (1.3.58)

WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.11)

WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-1049)

Severity

High

Classification

CVE-2012-2740 CWE-138

Tags

Missing Update Known Vulnerabilities