CVE-2020-35708
Severity: HIGH (CVSS 7.2)
WAF coverage: High
Published: 2020-12-25
CWE-89
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| phplist | phplist | 3.5.9 |
References
- sourceforge.net (Third Party Advisory)
- tufangungor.github.io (Exploit, Third Party Advisory)