source: https://www.securityfocus.com/bid/49188/info

PHPList is prone to a security-bypass vulnerability and an information-disclosure vulnerability.

An attacker can exploit these issues to gain access to sensitive information and send arbitrary messages to registered users. Other attacks are also possible. 

http://www.example.com/lists/?p=forward&uid=VALID_UID&mid=ID
http://www.example.com/lists/?p=forward&uid=foo&mid=ID