CVE-2023-27576

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Aug 18, 2023

Updated: Nov 6, 2023

Summary

CVE-2023-27576: A vulnerability was discovered in phpList before 3.6.14 that enabled unauthorized access to the system's super admin account. By manipulating the ID parameter and associated username in a password reset request, an attacker could bypass the email confirmation requirement and change the super admin's email address and password, allowing them to log in as the super admin and gain full control of the phpList installation. This vulnerability could lead to account takeover and potentially serious data breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sY1eQo
https://www.cve.org/CVERecord?id=CVE-2023-27576
https://nvd.nist.gov/vuln/detail/CVE-2023-27576

Back to Vulnerability Database

CVE-2023-27576

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations