CVE-2012-2740
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
06/09/2012
Last modified:
11/04/2025
Description
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:phplist:phplist:*:*:*:*:*:*:*:* | 2.10.17 (including) | |
| cpe:2.3:a:phplist:phplist:2.10.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phplist:phplist:2.10.15:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://securitytracker.com/id?1027181=
- http://www.exploit-db.com/exploits/18639
- http://www.openwall.com/lists/oss-security/2012/06/16/1
- http://www.openwall.com/lists/oss-security/2012/06/17/2
- http://www.securityfocus.com/bid/52657
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php
- https://mantis.phplist.com/view.php?id=16557
- https://www.phplist.com/?lid=567
- http://securitytracker.com/id?1027181=
- http://www.exploit-db.com/exploits/18639
- http://www.openwall.com/lists/oss-security/2012/06/16/1
- http://www.openwall.com/lists/oss-security/2012/06/17/2
- http://www.securityfocus.com/bid/52657
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php
- https://mantis.phplist.com/view.php?id=16557
- https://www.phplist.com/?lid=567