Just realized that the v3.5 of phplist xfers the post data in plaintext. The user/passwd can easily be seen. Is this fixed in the newer versions… or in the production version??
Also, can anyone tell me what codebase this was based on… I’m assuming from looking over the logic of the code, that this was built in the early 2000’s and hasn’t really been rebuilt using more modern processes/ Am I correct in my guesses??