Security Announcement

5 November 2003
Recently two vulnerabilities have been found in older versions of PHPlist. Everyone is urgently advised to upgrade to the latest release.
Affected Versions: any version before 2.6.4
The first vulnerability allows anyone to access the details of your users. This is a breach of privacy and can also be exploited by originators of unsolicited emails.

The second vulnerability allows remote attackers to execute arbitrary commands on the server PHPlist is hosted on. This is a major security breach and should be avoided at all costs. This vulnerability can be avoided by adding the following content to a file called ".htaccess" in the admin directory of PHPlist.


Order allow,deny
deny from all


Order allow,deny
allow from all