Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phplist | Tincan | 2.4.0 | 2.4.0 |
Phplist | Tincan | 2.5.6 | 2.5.6 |
Phplist | Tincan | 2.10.6 | 2.10.6 |
Phplist | Tincan | 2.10.3 | 2.10.3 |
Phplist | Tincan | 1.6.1 | 1.6.1 |
Phplist | Tincan | 2.8.2 | 2.8.2 |
Phplist | Tincan | 1.9.0 | 1.9.0 |
Phplist | Tincan | 2.5.5 | 2.5.5 |
Phplist | Tincan | 1.6.0 | 1.6.0 |
Phplist | Tincan | 2.10.10 | 2.10.10 |
Phplist | Tincan | 1.9.3 | 1.9.3 |
Phplist | Tincan | 1.6.3 | 1.6.3 |
Phplist | Tincan | 2.6.3 | 2.6.3 |
Phplist | Tincan | 2.1.0 | 2.1.0 |
Phplist | Tincan | 2.9.4 | 2.9.4 |
Phplist | Tincan | 2.3.1 | 2.3.1 |
Phplist | Tincan | 2.6.5 | 2.6.5 |
Phplist | Tincan | 2.9.3 | 2.9.3 |
Phplist | Tincan | 1.6.4 | 1.6.4 |
Phplist | Tincan | 2.10.9 | 2.10.9 |
Phplist | Tincan | 2.6 | 2.6 |
Phplist | Tincan | 2.1.4 | 2.1.4 |
Phplist | Tincan | 2.5.7 | 2.5.7 |
Phplist | Tincan | 2.6.0 | 2.6.0 |
Phplist | Tincan | 1.5.1 | 1.5.1 |
Phplist | Tincan | 1.9.2 | 1.9.2 |
Phplist | Tincan | 2.8.12 | 2.8.12 |
Phplist | Tincan | 2.6.2 | 2.6.2 |
Phplist | Tincan | 2.5.4 | 2.5.4 |
Phplist | Tincan | 1.1.5b | 1.1.5b |
Phplist | Tincan | 2.10.5 | 2.10.5 |
Phplist | Tincan | 1.4.1 | 1.4.1 |
Phplist | Tincan | 2.1.1 | 2.1.1 |
Phplist | Tincan | 2.4.7 | 2.4.7 |
Phplist | Tincan | 1.1.6 | 1.1.6 |
Phplist | Tincan | 1.8.0 | 1.8.0 |
Phplist | Tincan | 1.7.0 | 1.7.0 |
Phplist | Tincan | 1.7.1 | 1.7.1 |
Phplist | Tincan | 2.1.3 | 2.1.3 |
Phplist | Tincan | 1.1.4b | 1.1.4b |
Phplist | Tincan | 1.1.5 | 1.1.5 |
Phplist | Tincan | 2.10.2 | 2.10.2 |
Phplist | Tincan | 2.5.2 | 2.5.2 |
Phplist | Tincan | 2.9.5 | 2.9.5 |
Phplist | Tincan | 2.5.0 | 2.5.0 |
Phplist | Tincan | 1.3.5 | 1.3.5 |
Phplist | Tincan | * | 2.10.13 |
Phplist | Tincan | 2.3.2 | 2.3.2 |
Phplist | Tincan | 2.5.8 | 2.5.8 |
Phplist | Tincan | 2.10.11 | 2.10.11 |
Phplist | Tincan | 2.2.0 | 2.2.0 |
Phplist | Tincan | 2.10.8 | 2.10.8 |
Phplist | Tincan | 2.3.0 | 2.3.0 |
Phplist | Tincan | 1.0 | 1.0 |
Phplist | Tincan | 1.5.0 | 1.5.0 |
Phplist | Tincan | 1.1.2b | 1.1.2b |
Phplist | Tincan | 1.9.1 | 1.9.1 |
Phplist | Tincan | 2.5.1 | 2.5.1 |
Phplist | Tincan | 2.6.4 | 2.6.4 |
Phplist | Tincan | 2.3.4 | 2.3.4 |
Phplist | Tincan | 2.10.12 | 2.10.12 |
Phplist | Tincan | 1.0.1 | 1.0.1 |
Phplist | Tincan | 1.1.7 | 1.1.7 |
Phplist | Tincan | 2.10.4 | 2.10.4 |
Phplist | Tincan | 2.8.7 | 2.8.7 |
Phplist | Tincan | 2.10.1 | 2.10.1 |
Phplist | Tincan | 1.1.3b | 1.1.3b |
Phplist | Tincan | 2.3.3 | 2.3.3 |
Phplist | Tincan | 2.6.1 | 2.6.1 |
Phplist | Tincan | 1.3.7 | 1.3.7 |
Phplist | Tincan | 2.2.1 | 2.2.1 |
Phplist | Tincan | 2.5.3 | 2.5.3 |
Phplist | Tincan | 2.7.1 | 2.7.1 |
Phplist | Tincan | 2.10.7 | 2.10.7 |
Phplist | Tincan | 2.7.2 | 2.7.2 |