CVE-2005-3555
Published 2005-11-16
Priority: P433, medium, 6.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 1.59% (72.7th percentile)
Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tincan | phplist | <= 2.10.1 | — |
No detection rules found.
Exploit-DB
PHPList Mailing List Manager 2.x - '/admin/editattributes.php?id' SQL Injection
exploitdb·2005-11-07
---
source: https://www.securityfocus.com/bid/15350/info
PHPList is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
The application is prone to multiple cross-site scripting, HTTP injection, SQL injection and directory traversal vulnerabilities.
http://www.example.com/lists/admin/?page=editattributes&id=1'[SQL]
Exploit-DB
PHPList Mailing List Manager 2.x - '/admin/admin.php?id' SQL Injection
exploitdb·2005-11-07
---
source: https://www.securityfocus.com/bid/15350/info
PHPList is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
The application is prone to multiple cross-site scripting, HTTP injection, SQL injection and directory traversal vulnerabilities.
http://www.example.com/lists/admin/?page=admin&id=1'[SQL]
No writeups or analysis indexed.
References
http://osvdb.org/20567
http://osvdb.org/20568
http://secunia.com/advisories/17476
http://www.securityfocus.com/archive/1/416005/30/0/threaded
http://www.securityfocus.com/bid/15350
http://www.trapkit.de/advisories/TKADV2005-11-001.txt
http://www.vupen.com/english/advisories/2005/2345