CVE-2020-35708

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
25/12/2020
Last modified:
28/12/2020

Description

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:phplist:phplist:3.5.9:*:*:*:*:*:*:*