Description

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

Remediation

References

CVE-2020-35708

Related Vulnerabilities

MySQL Resource Management Errors Vulnerability (CVE-2010-3836)

WordPress Plugin Photocart Link Local File Inclusion (1.6)

Grafana Incorrect Authorization Vulnerability (CVE-2022-21713)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.27)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.9.7)

Severity

High

Classification

CVE-2020-35708 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities