Description

SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

Remediation

References

CVE-2012-3953

Related Vulnerabilities

WordPress Plugin Captcha by BestWebSoft SQL Injection (4.1.7)

WordPress Plugin PlanSo Forms Cross-Site Scripting (2.6.3)

Apache HTTP Server Other Vulnerability (CVE-2002-0257)

PostgreSQL CVE-2023-5870 Vulnerability (CVE-2023-5870)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-13663)

Severity

High

Classification

CVE-2012-3953 CWE-138

Tags

Missing Update Known Vulnerabilities