Vendor: PHPList
By:
CVSS: 7.5 HIGH
Security Bypass and Information Disclosure
CWE: 200
Product Name: PHPList
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:phplist:phplist
Metasploit:
Other Scripts:
Platforms Tested:

PHPList Security Bypass and Information Disclosure Vulnerabilities

PHPList is prone to a security-bypass vulnerability and an information-disclosure vulnerability. An attacker can exploit these issues to gain access to sensitive information and send arbitrary messages to registered users. Other attacks are also possible.

Mitigation:

It is recommended to update to the latest version of PHPList to address these vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49188/info

PHPList is prone to a security-bypass vulnerability and an information-disclosure vulnerability.

An attacker can exploit these issues to gain access to sensitive information and send arbitrary messages to registered users. Other attacks are also possible. 

http://www.example.com/lists/?p=forward&uid=VALID_UID&mid=ID
http://www.example.com/lists/?p=forward&uid=foo&mid=ID