Description

A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Remediation

References

CVE-2017-20030

Related Vulnerabilities

OpenVPN AS Divide By Zero Vulnerability (CVE-2023-46849)

WordPress Plugin ReviewX-Multi-criteria Rating & Reviews for WooCommerce CSV Injection (1.6.7)

Django CVE-2024-41990 Vulnerability (CVE-2024-41990)

WordPress Plugin Google Analytics MU Cross-Site Request Forgery (2.3.1)

Jenkins Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2017-1000393)

Severity

High

Classification

CVE-2017-20030 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities