Description
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
Remediation
References