Sign in Subscribe

← All advisories

Unrated severityNVD Advisory· Published Dec 25, 2020· Updated Aug 4, 2024

CVE-2020-35708

CVE-2020-35708

Description

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

Affected products

2

phpList/phpListdescription
osv-coords
pkg:bitnami/phplist
Range: >= 3.5.9, <= 3.5.9

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

sourceforge.net/projects/phplist/files/phplist/mitrex_refsource_MISC
tufangungor.github.io/exploit/2020/12/15/phplist-3.5.9-sql-injection.htmlmitrex_refsource_MISC

News mentions

0

No linked articles in our index yet.