Security Advisory

CVE-2020-22249

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-06 19:47:39

Last updated 2024-08-04 14:51:10

Assigner mitre

State PUBLISHED

Description

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution

← Browse all CVEs View on cve.org ↗