CVE-2005-3555

phplist < 2.10.1 - Authenticated SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3555. PoCs published by Tobias Klein.

AI-analyzed exploit summary The provided text describes multiple input validation vulnerabilities in PHPList, including SQL injection via the 'id' parameter in the 'editattributes' page. It lacks executable exploit code but outlines attack vectors.

Description

Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Tobias Klein · textwebappsphp

https://www.exploit-db.com/exploits/26482

View Code ZIP pw:eip

The provided text describes multiple input validation vulnerabilities in PHPList, including SQL injection via the 'id' parameter in the 'editattributes' page. It lacks executable exploit code but outlines attack vectors.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: PHPList (version not specified)

No auth needed

Prerequisites: Access to the vulnerable PHPList admin interface

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →