📦 Phplist

This vulnerability allows attackers to bypass authentication in phpList by exploiting PHP's type juggling behavior. When password hashes begin with '0e' followed by only numbers, the '==' comparison o...

CVE-2021-3188 is a CSV injection vulnerability in phpList 3.6.0 that allows attackers to inject malicious formulas into exported CSV files via the email parameter. When victims open these CSV files in...

This SQL injection vulnerability in PHPList allows attackers to manipulate database queries through the Edit Subscription component. It affects PHPList 3.2.6 installations, potentially enabling unauth...