Description

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

Remediation

References

CVE-2020-15011

Related Vulnerabilities

CKEditor Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-26272)

phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3783)

WordPress Plugin WP-DBManager Arbitrary File Deletion (2.79.1)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.17)

MySQL CVE-2016-8284 Vulnerability (CVE-2016-8284)

Severity

Medium

Classification

CVE-2020-15011 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities