Description

SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

Remediation

References

CVE-2012-3953

Related Vulnerabilities

WordPress Plugin SP Project & Document Manager Multiple Vulnerabilities (2.5.9.7)

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Cross-Site Scripting (2.9.17)

WordPress Plugin Easy Contact Form Lite 'sort_row.request.php' SQL Injection (1.0.7)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.3.2)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15098)

Severity

High

Classification

CVE-2012-3953 CWE-138

Tags

Missing Update Known Vulnerabilities