Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPhplist
APPPhplist3.5.1
Powiązane podatności
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, whi...
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashe...
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown process...
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Impo...