SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phplist | Tincan | * | * |
References
- http://marc.info/?l=bugtraq\u0026m=112258115325054\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=112291396731712\u0026w=2
- http://secunia.com/advisories/16274
- http://securitytracker.com/id?1014607
- http://www.osvdb.org/18316
- http://www.securityfocus.com/bid/14403
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21576
- http://marc.info/?l=bugtraq\u0026m=112258115325054\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=112291396731712\u0026w=2
- http://secunia.com/advisories/16274
- http://securitytracker.com/id?1014607
- http://www.osvdb.org/18316
- http://www.securityfocus.com/bid/14403
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21576