phpList 2.10.x - Security Bypass / Information Disclosure
| EKU-ID: 40618 | CVE: | OSVDB-ID: |
| Author: Davide Canali | Published: 2011-08-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 40618 | CVE: | OSVDB-ID: |
| Author: Davide Canali | Published: 2011-08-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/49188/info PHPList is prone to a security-bypass vulnerability and an information-disclosure vulnerability. An attacker can exploit these issues to gain access to sensitive information and send arbitrary messages to registered users. Other attacks are also possible. http://www.example.com/lists/?p=forward&uid=VALID_UID&mid=ID http://www.example.com/lists/?p=forward&uid=foo&mid=ID