CVE-2011-0748

Tincan Phplist < 2.10.12 - CSRF

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Cyber-Crystal · html · webapps · php
https://www.exploit-db.com/exploits/18419

Scores

EPSS 0.0040
EPSS Percentile 61.0%

Details

CWE
CWE-352
Status published
Products (50)
tincan/phplist 1.0
tincan/phplist 1.0.1
tincan/phplist 1.1.2b
tincan/phplist 1.1.3b
tincan/phplist 1.1.4b
tincan/phplist 1.1.5
tincan/phplist 1.1.5b
tincan/phplist 1.1.6
tincan/phplist 1.1.7
tincan/phplist 1.3.5
... and 40 more
Published Apr 13, 2011
Tracked Since Feb 18, 2026