VID |
21682 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A version of PHPlist older than 2.6.4 was detected on the host. PHPlist is a web application, written in PHP, that implements a personalized mailing list manager or customer relationship management (CRM) system. PHPlist version 2.6.3 and earlier versions contain multiple vulnerabilities, which a remote attacker can exploit to execute arbitrary code and to conduct cross-site scripting (XSS) and SQL injection attacks.
* Note: This check relies solely on the version number of PHPlist on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2003-11/0163.html
* Platforms Affected: Open Source, PHPlist version 2.6.3 and earlier versions; Any application, Any version |
Recommendation |
Upgrade to the latest version of PHPlist (2.6.4 or later), available from the PHPlist Web site at http://www.phplist.com |
Related URL |
(CVE) |
Related URL |
9046,11545 (SecurityFocus) |
Related URL |
13761 (ISS) |
|