PHPlist Version 2.10.1 and prior contain multiple Cross Site Scripting and SQL Injection vulnerabilities. Furthermore it is possible to access and read arbitrary system files through a vulnerability in PHPlist. Detailed exploitation provided.
429d5e2ed3062111670608399cbfe4c23936e0a7acc764e78fbed068284c5240