High severity8.8NVD Advisory· Published Feb 19, 2021· Updated Jun 17, 2026
CVE-2020-24617
CVE-2020-24617
Description
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Mailtrain/Mailtraindescription
- Range: <=1.24.1
Patches
Vulnerability mechanics
References
2- github.com/Mailtrain-org/mailtrain/pull/909nvdPatchThird Party Advisory
- securitylab.github.com/advisories/GHSL-2020-132-MailtrainnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.