CVE-2020-35382

SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.