WEB APPLICATION VULNERABILITIES Standard & Premium

phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15072)

Description

An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.

Remediation

References

Related Vulnerabilities

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1648)

Sqlite Use of Uninitialized Resource Vulnerability (CVE-2015-3414)

Envoy Proxy Use After Free Vulnerability (CVE-2021-43826)

phpMyFAQ Improper Privilege Management Vulnerability (CVE-2023-1762)

WordPress Plugin Quotes Collection Cross-Site Scripting (2.0.5)

Severity

High

Classification

CVE-2020-15072 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities