CVE-2014-2916
Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0018 (0.2%)
Percentil: 39.4%
EPSS: 2026-05-06
Afecta
phplist:phplistDescripción técnica
Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/.
Publicada: 5/5/2014, 16:07:06
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html
- http://secunia.com/advisories/57893
- http://www.phplist.com/?lid=638
- http://www.securitytracker.com/id/1030191
- http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html
- http://secunia.com/advisories/57893
- http://www.phplist.com/?lid=638
- http://www.securitytracker.com/id/1030191