fkie_nvd - fkie_cve-2012-3953

fkie_cve-2012-3953

Vulnerability from fkie_nvd

Published

2012-08-12 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html	Exploit
cve@mitre.org	http://osvdb.org/84483	Exploit
cve@mitre.org	http://www.phplist.com/?lid=579	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/77527
cve@mitre.org	https://www.htbridge.com/advisory/HTB23100	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/84483	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.phplist.com/?lid=579	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/77527
af854a3a-2127-422b-91ae-364da2661108	https://www.htbridge.com/advisory/HTB23100	Exploit

Impacted products

Vendor	Product	Version
phplist	phplist	*
phplist	phplist	2.6.5
phplist	phplist	2.7.1
phplist	phplist	2.7.2
phplist	phplist	2.8.2
phplist	phplist	2.8.7
phplist	phplist	2.8.12
phplist	phplist	2.10.1
phplist	phplist	2.10.2
phplist	phplist	2.10.3
phplist	phplist	2.10.4
phplist	phplist	2.10.5
phplist	phplist	2.10.7
phplist	phplist	2.10.8
phplist	phplist	2.10.9
phplist	phplist	2.10.10
phplist	phplist	2.10.11
phplist	phplist	2.10.12
phplist	phplist	2.10.13
phplist	phplist	2.10.14
phplist	phplist	2.10.15
phplist	phplist	2.10.16
phplist	phplist	2.10.17

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phplist:phplist:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B68EDC00-D515-4707-AE6F-1D767B550A2E",
              "versionEndIncluding": "2.10.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B397B2A-72B7-47CB-8C6E-2316FAFB88CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "692FCE84-9520-48D0-8E5F-9B993C39FF0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "40839A8B-4D5F-480C-8B38-A50DEBF9DB72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0453EF7B-81B5-426C-B858-81B31F878A2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6523FE2E-A186-47E8-BB14-AA7EDCD14FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED97CCA-E672-408D-8B1D-1D8E4424AF9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0770F6-4C09-4D77-A25A-2D9C59B73795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB6728E-74D6-4939-AA0F-6560678201CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7212A91B-F75D-43CB-90E3-7420C0EA861A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFECF781-0084-4FBD-BD88-E55C85D9480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5492C3F-8833-4F66-B98F-C2B33AD1F14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDCD31A1-884A-4381-A31C-211FB0F5AA52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "411A8211-874A-4861-A7BE-F5106E324DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2AEB89F-A8F3-41A2-8EFF-DF1F121A087A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6245464-B7CC-4C38-A317-25864A8F4F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A54E43F-4EB6-40DD-A18D-8A063C9CE4D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "249CAF32-29C8-4371-B4D6-72207C41BA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA31A08-C74F-4CDC-A644-68EAC4BA39E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A5082D-90A9-42A2-A08C-CCE8F7F53262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "531E8F27-4B50-4A8B-A6C4-0B617DAA6224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4496FE-646D-48BF-A1F4-F43CE623BE06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phplist:phplist:2.10.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D46171B6-6125-453B-9838-40BA5093B3C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en admin/index.php en phpList anterior a v2.10.19, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro delete para la p\u00e1gina editattributes.\r\n"
    }
  ],
  "id": "CVE-2012-3953",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-12T00:55:00.933",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/84483"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phplist.com/?lid=579"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77527"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/84483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phplist.com/?lid=579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23100"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-3953 (GCVE-0-2012-3953)

Vulnerability from cvelistv5

Published

2012-08-12 00:00