Description

An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission.

Remediation

References

CVE-2023-27576

Related Vulnerabilities

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-1871)

WordPress Plugin Free Booking for Hotels, Restaurant and Car Rental-eaSYNC Arbitrary File Upload (1.1.15)

WordPress Plugin link-list-manager Cross-Site Scripting (1.0)

Oracle Application Server CVE-2008-7233 Vulnerability (CVE-2008-7233)

WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (0.5.26)

Severity

Medium

Classification

CVE-2023-27576 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities