Bitnami/phplist — 21 CVEs

Loading…

All known vulnerabilities

CRITICAL9.8CVE-2020-22249Remote Code Execution vulnerability in phplist 3.5.1.

>= 3.5.1, <= 3.5.1

CRITICAL9.8CVE-2020-23361phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that beg…

>= 3.5.3, <= 3.5.3

CRITICAL9.8CVE-2020-8547phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes th…

>= 3.5.0, <= 3.5.0

CRITICAL9.8phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.

>= 3.6.0, <= 3.6.0

HIGH8.8An issue was discovered in phpList through 3.5.4.

from 0, < 3.5.4

HIGH7.2phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

>= 3.5.9, <= 3.5.9

MEDIUM6.7An issue was discovered in phpList before 3.6.14.

>= 3.6.12, <= 3.6.12

MEDIUM6.1phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.

from 0, < 3.5.3

MEDIUM6.1phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.

from 0, < 3.5.4

MEDIUM5.4An issue was discovered in phpList through 3.5.4.

from 0, < 3.5.4

MEDIUM5.4A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute…

>= 3.5.4, <= 3.5.4

MEDIUM5.4A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web script…

from 0, < 3.5.4

MEDIUM5.4A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attac…

from 0, < 3.5.4