CVE-2011-1682

phpList <=2.10.13 - CSRF

Title source: llm

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC
html, webapps, php
https://www.exploit-db.com/exploits/18419

Scores

EPSS 0.0040
EPSS Percentile 60.6%

Details

CWE
CWE-352
Status published
Products (50)
tincan/phplist 1.0
tincan/phplist 1.0.1
tincan/phplist 1.1.2b
tincan/phplist 1.1.3b
tincan/phplist 1.1.4b
tincan/phplist 1.1.5
tincan/phplist 1.1.5b
tincan/phplist 1.1.6
tincan/phplist 1.1.7
tincan/phplist 1.3.5
... and 40 more
Published Apr 13, 2011
Tracked Since Feb 18, 2026