Description

A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Remediation

References

CVE-2017-20030

Related Vulnerabilities

MySQL CVE-2020-14547 Vulnerability (CVE-2020-14547)

WordPress Plugin Arigato Autoresponder and Newsletter Cross-Site Scripting (2.3.1)

WordPress Plugin PitchPrint Arbitrary File Upload (7.1.1)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-7233)

WordPress Plugin GDPR Cookie Compliance Security Bypass (4.0.2)

Severity

High

Classification

CVE-2017-20030 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities