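PoC details: d62ab246c13354db711e6e86c3b8322d27887e2c

Source
Related vulnerability
Title: phpList security vulnerability (CVE-2025-28074)
Description: phpList is a full-featured open-source email marketing manager from phpList, used to create, send, integrate and analyze email campaigns and newsletters. Versions of phpList prior to 3.6.3 contain a security vulnerability that stems from improper input sanitization and may lead to cross-site scripting attacks.
Introduction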
# CVE-2025-28074
[Suggested description]
phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due
to improper input sanitization in lt.php. The vulnerability is
exploitable when the application dynamically references internal paths
and processes untrusted input without escaping, allowing an attacker to
inject malicious JavaScript.

------------------------------------------

[Additional Information]
This vulnerability is exploitable only when the application references internal paths dynamically. If an attacker can influence the path parameter or a similar reference mechanism, they can inject malicious input, leading to reflected XSS. The issue arises from the lack of proper input sanitization in lt.php, which fails to escape user-supplied parameters before rendering them in the response. Proper input validation and output encoding are required to mitigate this issue.

------------------------------------------

[Vulnerability Type]
Cross Site Scripting (XSS)

------------------------------------------

[Vendor of Product]
phpList

------------------------------------------

[Affected Product Code Base]
phpList - 3.6.3 (and possibly earlier versions)

------------------------------------------

[Affected Component]
https://github.com/phpList/phplist3/blob/main/public_html/lists/lt.php

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Code execution]
true

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[CVE Impact Other]
Social Engineering: This vulnerability allows an attacker to execute arbitrary JavaScript in a victim's browser via an indirect Cross-Site Scripting (XSS) attack. The attack requires an application that references internal PHP paths, enabling an attacker to inject JavaScript payloads through improperly sanitized parameters. This can lead to credential theft, session hijacking, or malicious redirection.

------------------------------------------

[Attack Vectors]
An attacker can craft a payload that forces the system to reference lt.php through an internal path reference mechanism. The vulnerable script reflects user-controlled input without proper encoding or escaping, leading to a Cross-Site Scripting (XSS) vulnerability. This allows the attacker to inject arbitrary JavaScript, potentially compromising user sessions or executing malicious actions within the victim's browser.
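
A detection-side check for the reflection described above, as an added example that is not part of the original advisory or of phpList's code: it scans web-server access-log lines for requests to lt.php whose query parameters decode to HTML markup. The log lines are constructed, the `/lists/lt.php` deployment path and the parameter name `p` are assumptions, and because the advisory does not name the affected parameter, every parameter is inspected.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Assumption: requests reach the script at a path ending in lt.php (e.g. /lists/lt.php).
TARGET = re.compile(r"/lt\.php(?:/|$)", re.IGNORECASE)
# Markup characters and script-bearing tokens that a link-tracking parameter should never contain.
MARKUP = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding (double encoding hides markup)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(name, decoded_value)] for an lt.php request whose parameters carry markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not TARGET.search(url.path):
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        name, value = decode_fully(name), decode_fully(value)
        if MARKUP.search(name) or MARKUP.search(value):
            hits.append((name, value))
    return hits

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "GET /lists/lt.php?p=abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Mar/2025:10:00:05 +0000] "GET /lists/lt.php?p=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Mar/2025:10:00:09 +0000] "GET /lists/lt.php?p=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 630 "-" "curl/8.0"',
    '198.51.100.4 - - [01/Mar/2025:10:00:12 +0000] "GET /lists/index.php?p=%3Cb%3E HTTP/1.1" 200 900 "-" "curl/8.0"',
]

def scan(lines):
    """Return [(line_index, hits)] for every line that trips the check."""
    return [(i, hits) for i, line in enumerate(lines) if (hits := suspicious_params(line))]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG):
        print(idx, hits)
```

A hit means markup was sent to lt.php, not that it was reflected; confirm against the response body or the installed phpList version.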

------------------------------------------

[Reference]
https://github.com/phpList/phplist3/blob/main/public_html/lists/lt.php

------------------------------------------

[Discoverer]
Pattharadech Soponrat
File snapshot

[4.0K] /data/pocs/d62ab246c13354db711e6e86c3b8322d27887e2c
└── [2.7K] README.md

0 directories, 1 file