Description

SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

Remediation

References

CVE-2012-3953

Related Vulnerabilities

WordPress Plugin WP Quick Booking Manager Cross-Site Scripting (1.1)

WordPress Plugin WooCommerce Cross-Site Scripting (8.9.2)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17295)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-7525)

WordPress Plugin Grid Gallery-Photo Image Grid Gallery Cross-Site Scripting (1.2.4)

Severity

High

Classification

CVE-2012-3953 CWE-138

Tags

Missing Update Known Vulnerabilities