Release date: 2012-09-06
Updated on:
Affected Systems:
Phplist 2.10.17
Unaffected Systems:
Phplist 2.10.18
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52657
Cve id: CVE-2012-2740
phpList is an open-source email campaign manager.
public_html/lists/admin in phpList 2.10.18 is vulnerable to SQL injection via the sortby parameter of the search operation; remote attackers can exploit it to execute arbitrary SQL commands.
Source: Gjoko Krstic (liquidworm@gmail.com)
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
http://www.example.com/public_html/lists/admin?blacklisted=1&change=Vai&find=&findby=email&id=0&page=users&sortorder=desc&start=0&unconfirmed=1&sortby=1[SQL]
http://www.example.com/public_html/lists/admin?num=[XSS]&option=bounces&page=reconcileusers
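As an added defender-side example (not part of this advisory and not phpList's own code), the following Python scans web-server access-log lines for requests to the admin interface whose sortby, sortorder or num parameters do not have the shape the test URLs above use. The expected parameter shapes, the log format and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed benign shapes (not taken from phpList's source): sortby is a column name
# or numeric index, sortorder is asc/desc, num on the bounces page is an integer.
PARAM_RULES = {
    "sortby": re.compile(r"^[A-Za-z0-9_]+$"),
    "sortorder": re.compile(r"^(asc|desc)$", re.IGNORECASE),
    "num": re.compile(r"^\d+$"),
}
ADMIN_PATH_RE = re.compile(r"/lists/admin/?$")
# Apache/nginx common log format: client - - [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_params(target):
    """Return {param: decoded value} for admin-page parameters that break PARAM_RULES."""
    parts = urlsplit(target)
    if not ADMIN_PATH_RE.search(parts.path):
        return {}  # only the admin interface is in scope for this advisory
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    return {
        name: value
        for name, rule in PARAM_RULES.items()
        for value in query.get(name, [])
        if not rule.match(value)
    }

def scan_log(lines):
    """Yield (client, param, value) for every log line with a suspicious admin parameter."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        for name, value in suspicious_params(m.group("target")).items():
            yield (m.group("ip"), name, value)

# Constructed sample log lines; the second and third carry malformed parameters,
# the fourth hits a non-admin path and is therefore out of scope.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Sep/2012:10:00:00 +0000] "GET /public_html/lists/admin?page=users&sortby=email&sortorder=desc&start=0 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Sep/2012:10:00:03 +0000] "GET /public_html/lists/admin?page=users&sortby=email%27&sortorder=desc HTTP/1.1" 500 310',
    '203.0.113.9 - - [06/Sep/2012:10:00:09 +0000] "GET /public_html/lists/admin?page=reconcileusers&option=bounces&num=abc HTTP/1.1" 200 800',
    '203.0.113.5 - - [06/Sep/2012:10:00:12 +0000] "GET /public_html/lists/?p=subscribe&sortby=x%27 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, name, value in scan_log(SAMPLE_LOG):
        print(f"{client}: parameter {name}={value!r} does not match the expected shape")
```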
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Phplist
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
www.phplist.com/