Known Vulnerabilities for products from Phplist
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Phplist".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-26572 json | Not Provided | 2025-02-13 | 2026-04-23 | |
| CVE-2023-27576 json | An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the ... | 6.7 - MEDIUM | 2023-08-18 | 2023-11-06 |
| CVE-2021-3188 json | phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. | 9.8 - CRITICAL | 2021-01-26 | 2021-02-03 |
| CVE-2020-36399 json | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web script... | 5.4 - MEDIUM | 2021-07-02 | 2021-07-06 |
| CVE-2020-36398 json | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web script... | 5.4 - MEDIUM | 2021-07-02 | 2021-07-06 |
| CVE-2020-35708 json | phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrato... | 7.2 - HIGH | 2020-12-25 | 2020-12-28 |
| CVE-2020-23361 json | phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles h... | 9.8 - CRITICAL | 2021-01-27 | 2021-07-21 |
| CVE-2020-23217 json | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML ... | 5.4 - MEDIUM | 2021-07-01 | 2021-07-06 |
| CVE-2020-23214 json | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML ... | 5.4 - MEDIUM | 2021-07-01 | 2021-07-06 |
| CVE-2020-23209 json | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML ... | 5.4 - MEDIUM | 2021-07-01 | 2021-07-06 |
| CVE-2020-23208 json | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML ... | 5.4 - MEDIUM | 2021-07-01 | 2021-07-06 |
| CVE-2020-23207 json | A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML ... | 5.4 - MEDIUM | 2021-07-01 | 2021-07-06 |
| CVE-2020-23194 json | A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authe... | 5.4 - MEDIUM | 2021-07-02 | 2021-07-06 |
| CVE-2020-23192 json | A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitr... | 5.4 - MEDIUM | 2021-07-02 | 2021-07-06 |
| CVE-2020-23190 json | A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attacke... | 5.4 - MEDIUM | 2021-07-02 | 2021-07-06 |
| CVE-2020-22251 json | Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new... | 4.8 - MEDIUM | 2021-07-06 | 2021-07-07 |
| CVE-2020-22249 json | Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin... | 9.8 - CRITICAL | 2021-07-06 | 2021-07-08 |
| CVE-2020-15073 json | An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via up... | 5.4 - MEDIUM | 2020-07-08 | 2020-07-10 |
| CVE-2020-15072 json | An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administra... | 8.8 - HIGH | 2020-07-08 | 2020-07-10 |
| CVE-2020-13827 json | phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 6.1 - MEDIUM | 2020-06-04 | 2023-02-27 |
Known software with vulnerabilities from Phplist
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Phplist | Phplist | 2.10.1 |