CVE-2025-28074 PoC — phpList Security Vulnerability

Associated Vulnerability
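Title: phpList Security Vulnerability (CVE-2025-28074)
Description: phpList is a full-featured open-source email marketing manager from phpList, used to create, send, integrate and analyze email campaigns and newsletters. phpList versions before 3.6.3 contain a security vulnerability that stems from improper input sanitization and may lead to cross-site scripting attacks.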
Readme
# CVE-2025-28074
[Suggested description]
phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due
to improper input sanitization in lt.php. The vulnerability is
exploitable when the application dynamically references internal paths
and processes untrusted input without escaping, allowing an attacker to
inject malicious JavaScript.

------------------------------------------

[Additional Information]
This vulnerability is exploitable only when the application references internal paths dynamically. If an attacker can influence the path parameter or a similar reference mechanism, they can inject malicious input, leading to reflected XSS. The issue arises from the lack of proper input sanitization in lt.php, which fails to escape user-supplied parameters before rendering them in the response. Proper input validation and output encoding are required to mitigate this issue.
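
An added example, not code from phpList or from this advisory: a hypothetical PHP handler that shows the unescaped-reflection pattern described above next to a validated and output-encoded form. The `ref` parameter name, its allowed format and the message text are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not phpList's lt.php. The "ref" parameter, its
// allowed format and the message text are assumptions.

/** Vulnerable pattern: the raw value is concatenated into the HTML response. */
function renderUnsafe(string $ref): string
{
    return '<p>Unknown reference: ' . $ref . '</p>';
}

/** Output encoding: escape for the HTML context at the point of output. */
function renderSafe(string $ref): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<p>Unknown reference: ' . htmlspecialchars($ref, $flags, 'UTF-8') . '</p>';
}

/** Input validation: accept only the shape a reference is expected to have. */
function isValidRef(string $ref): bool
{
    // Assumed format: 1-64 characters from the URL-safe base64 alphabet.
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $ref) === 1;
}

/** Validate first, and still encode whatever ends up in the response. */
function handle(array $query): string
{
    $raw = $query['ref'] ?? '';
    if (!is_string($raw)) {
        $raw = ''; // ?ref[]=x arrives as an array, not a string
    }
    if (!isValidRef($raw)) {
        return renderSafe($raw);
    }
    return '<p>Reference accepted: ' . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample input containing HTML metacharacters.
$sample = ['ref' => '<b>x</b>"\''];
echo renderUnsafe($sample['ref']), PHP_EOL; // markup reaches the page as markup
echo handle($sample), PHP_EOL;              // markup is shown as inert text
echo handle(['ref' => 'aGVsbG8_d29ybGQ']), PHP_EOL; // well-formed reference
```

Encoding is applied at output even for values that passed validation, so a later loosening of the allowed format does not reintroduce the reflection.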

------------------------------------------

[Vulnerability Type]
Cross Site Scripting (XSS)

------------------------------------------

[Vendor of Product]
phpList

------------------------------------------

[Affected Product Code Base]
phpList - 3.6.3 (and possibly earlier versions)

------------------------------------------

[Affected Component]
https://github.com/phpList/phplist3/blob/main/public_html/lists/lt.php

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Code execution]
true

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[CVE Impact Other]
Social Engineering: This vulnerability allows an attacker to execute arbitrary JavaScript in a victim's browser via an indirect Cross-Site Scripting (XSS) attack. The attack requires an application that references internal PHP paths, enabling an attacker to inject JavaScript payloads through improperly sanitized parameters. This can lead to credential theft, session hijacking, or malicious redirection.

------------------------------------------

[Attack Vectors]
An attacker can craft a payload that forces the system to reference lt.php through an internal path reference mechanism. The vulnerable script reflects user-controlled input without proper encoding or escaping, leading to a Cross-Site Scripting (XSS) vulnerability. This allows the attacker to inject arbitrary JavaScript, potentially compromising user sessions or executing malicious actions within the victim's browser.

------------------------------------------

[Reference]
https://github.com/phpList/phplist3/blob/main/public_html/lists/lt.php

------------------------------------------

[Discoverer]
Pattharadech Soponrat