CVE-2005-3555

Published: Nov 16, 2005Modified: Apr 16, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.

Affected (1)

Products: Tincan: Phplist

Tincan

1 product

Phplist

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tincan Phplist	Up to 2.10.1

References (14)

http://osvdb.org/20567

Source: cve@mitre.org

http://osvdb.org/20568

Source: cve@mitre.org

http://secunia.com/advisories/17476

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/archive/1/416005/30/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/15350

Source: cve@mitre.org

http://www.trapkit.de/advisories/TKADV2005-11-001.txt

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.vupen.com/english/advisories/2005/2345

Source: cve@mitre.org

http://osvdb.org/20567