Every CVE whose affected-product data names Tincan Phplist, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2006-5322 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified…
CVE-2009-0422 — CVSS 7.5 (high): Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows…
CVE-2005-2432 — CVSS 7.5 (high): SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1)…
CVE-2011-0748 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of…
CVE-2005-3555 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to…
CVE-2005-3557 — CVSS 5.0 (medium): Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via…
CVE-2008-5887 — CVSS 5.0 (medium): phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability."
CVE-2006-1746 — CVSS 5.0 (medium): Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1)…
CVE-2005-2433 — CVSS 5.0 (medium): PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php…
CVE-2012-5228 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows…
CVE-2005-3556 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or…
CVE-2006-5294 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or…
CVE-2006-5321 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML…
CVE-2011-1682 — CVSS 4.3 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the…