Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpList Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-3188)

Description

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.

Remediation

References

Related Vulnerabilities

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1599)

WordPress Plugin Crayon Syntax Highlighter 'wp_load' Parameter Remote File Include (1.12.1)

WordPress Plugin Catch Infinite Scroll Security Bypass (1.8.1)

Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-12617)

MySQL CVE-2022-21297 Vulnerability (CVE-2022-21297)

Severity

Critical

Classification

CVE-2021-3188 CWE-1236 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities