Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution
{ "cpes": [ "cpe:2.3:a:phplist:phplist:3.5.1:*:*:*:*:*:*:*" ], "severity": "Critical" }