Description

SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

Remediation

References

CVE-2012-3953

Related Vulnerabilities

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-5508)

WordPress Plugin SEO Backlinks Cross-Site Request Forgery (4.0.1)

phpBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-1000419)

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-14830)

WordPress Plugin Radio Buttons for Taxonomies Cross-Site Request Forgery (2.0.5)

Severity

High

Classification

CVE-2012-3953 CWE-138

Tags

Missing Update Known Vulnerabilities