source: https://www.securityfocus.com/bid/49188/info PHPList is prone to a security-bypass vulnerability and an information-disclosure vulnerability. An attacker can exploit these issues to gain access to sensitive information and send arbitrary messages to registered users. Other attacks are also possible. http://www.example.com/lists/?p=forward&uid=VALID_UID&mid=ID http://www.example.com/lists/?p=forward&uid=foo&mid=ID