Description

SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

Remediation

References

CVE-2012-3953

Related Vulnerabilities

WordPress Plugin Easy Contact Form Lite 'sort_row.request.php' SQL Injection (1.0.7)

WordPress Plugin Eyes Only:User Access Shortcode Cross-Site Scripting (1.8.2)

WordPress Plugin WP Hotel Booking Remote Code Execution (1.10.2)

WordPress Plugin Classified Listing-Classified ads & Business Directory Cross-Site Scripting (2.2.13)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2015-4852)

Severity

High

Classification

CVE-2012-3953 CWE-138

Tags

Missing Update Known Vulnerabilities