Description
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint.
Remediation
References
Related Vulnerabilities
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-6379)
Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-41317)
WordPress Plugin HyperComments Arbitrary File Deletion (1.2.2)
SQLite Improper Initialization Vulnerability (CVE-2020-11655)
WordPress Plugin ReFlex Gallery Cross-Site Scripting (3.1.4)