CVE-2020-35708

CVE-2020-35708

EPSS 1.5%

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sourceforge.net/projects/phplist/files/phplist/https://tufangungor.github.io/exploit/2020/12/15/phplist-3.5.9-sql-injection.html