Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tincan phpList多个跨站请求伪造漏洞
Vulnerability Description
phpList是一款由PHP编写的时事通讯应用程序。 phpList 2.10.13及之前版本中存在多个跨站请求伪造漏洞。由于该应用程序的web界面允许用户借助未经过任何验证检查的HTTP请求执行某些操作,远程攻击者可以利用这些漏洞劫持管理员请求(1)创建列表或者(2)注入跨站脚本序列的认证。
CVSS Information
N/A
Vulnerability Type
N/A