Description

A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Remediation

References

CVE-2017-20030

Related Vulnerabilities

MySQL CVE-2016-5609 Vulnerability (CVE-2016-5609)

WordPress Plugin Stop User Enumeration User Enumeration (1.3.4)

WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)

GlassFish CVE-2010-2397 Vulnerability (CVE-2010-2397)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-7233)

Severity

High

Classification

CVE-2017-20030 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities