CVE-2012-5228

phplist < 2.10.19 - Cross-Site Scripting via testtarget Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5228. PoCs published by Cyber-Crystal.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in phplist 2.10.9 that allows an attacker to add an admin account and an XSS vulnerability that can be triggered via a crafted POST request. The PoC includes HTML forms to exploit these vulnerabilities.

Description

Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cyber-Crystal · htmlwebappsphp

https://www.exploit-db.com/exploits/18419

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in phplist 2.10.9 that allows an attacker to add an admin account and an XSS vulnerability that can be triggered via a crafted POST request. The PoC includes HTML forms to exploit these vulnerabilities.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: phplist version 2.10.9

No auth needed

Prerequisites: Access to the target phplist admin interface

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47727

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/72747

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18419

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/78548

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/51681

Scores

EPSS 0.0165

EPSS Percentile 73.4%

Details

CWE

CWE-79

Status published

Products (50)

tincan/phplist 1.0

tincan/phplist 1.0.1

tincan/phplist 1.1.2b

tincan/phplist 1.1.3b

tincan/phplist 1.1.4b

tincan/phplist 1.1.5

tincan/phplist 1.1.5b

tincan/phplist 1.1.6

tincan/phplist 1.1.7

tincan/phplist 1.3.5

... and 40 more

Published Oct 01, 2012

Tracked Since Feb 18, 2026