Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-0748. PoCs published by Cyber-Crystal.
AI-analyzed exploit summary
This exploit demonstrates a CSRF vulnerability in phpList 2.10.9 that allows an attacker to add an admin account, and an XSS vulnerability that can be triggered via a crafted POST request. The PoC includes HTML forms to exploit these vulnerabilities.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.
Exploits (1)
This exploit demonstrates a CSRF vulnerability in phpList 2.10.9 that allows an attacker to add an admin account, and an XSS vulnerability that can be triggered via a crafted POST request. The PoC includes HTML forms to exploit these vulnerabilities.