FreeBSD : phpList -- SQL injection and XSS vulnerability (fd8bac56-c444-11e1-864b-001cc0877741)
High Nessus Plugin ID 59828
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionZero Science Lab reports :
Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The param 'num' is vulnerable to a XSS issue where the attacker can execute arbitrary HTML and script code in a user's browser session in context of an affected site.
SolutionUpdate the affected package.