phpList - SQL Injection (Authenticated)
Version : 3.5.9
Vendor : https://www.phplist.com
CVE : CVE-2020-35708
Description: phpList Version 3.5.9 is affected by SQL injection vulnerability because of improper handling of imported administrator files.
phpList allows the user who logs in as “admin”, to import files in the “Config - Import Administrators” page. The first 3 lines are perceived as email, loginname, password, and the 4th line as an attribute. The attacker can inject his/her own SQL query on line 4.
Creating malicious file:
Importing malicious file:
SQL injection vulnerability: