Description
Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by Tobias Klein · textwebappsphp
https://www.exploit-db.com/exploits/26482
exploitdb
WRITEUP
VERIFIED
by Tobias Klein · textwebappsphp
https://www.exploit-db.com/exploits/26481
References (7)
Core 7
Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.trapkit.de/advisories/TKADV2005-11-001.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/20567
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/416005/30/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2345
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/20568
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17476
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15350
Scores
EPSS
0.0245
EPSS Percentile
85.3%
Details
Status
published
Products (1)
tincan/phplist
< 2.10.1
Published
Nov 16, 2005
Tracked Since
Feb 18, 2026