Description

SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

Remediation

References

CVE-2012-3953

Related Vulnerabilities

Oracle JRE CVE-2012-4416 Vulnerability (CVE-2012-4416)

WebLogic CVE-2023-21964 Vulnerability (CVE-2023-21964)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13668)

Ruby Numeric Errors Vulnerability (CVE-2008-2726)

Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51485)

Severity

High

Classification

CVE-2012-3953 CWE-138

Tags

Missing Update Known Vulnerabilities