CVE-2017-20031: PHPList information disclosure
First published: Fri Jun 10 2022(Updated: )
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| phpList | =3.2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-20031?
CVE-2017-20031 is a vulnerability found in PHPList 3.2.6 that allows for remote information disclosure.
How severe is CVE-2017-20031?
CVE-2017-20031 has a severity rating of medium (2.7).
Which software versions are affected by CVE-2017-20031?
PHPList version 3.2.6 is affected by CVE-2017-20031.
How can I fix CVE-2017-20031?
To fix CVE-2017-20031, update PHPList to a version that is not affected by the vulnerability.
Where can I find more information about CVE-2017-20031?
More information about CVE-2017-20031 can be found at the following references: [1] [2]
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/phplist
- canonical/phplist
- version/phplist/3.2.6