exploitDog

CVE-2020-35708

Опубликовано: 25 дек. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

Ссылки

https://sourceforge.net/projects/phplist/files/phplist/
Third Party Advisory
https://tufangungor.github.io/exploit/2020/12/15/phplist-3.5.9-sql-injection.html
Exploit
Third Party Advisory
https://sourceforge.net/projects/phplist/files/phplist/
Third Party Advisory
https://tufangungor.github.io/exploit/2020/12/15/phplist-3.5.9-sql-injection.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phplist:phplist:3.5.9:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00274

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2020-35708

CVSS3: 7.2

debian

около 5 лет назад

phpList 3.5.9 allows SQL injection by admins who provide a crafted fou ...

GHSA-v439-79v8-38g8

github

больше 3 лет назад

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

EPSS

Процентиль: 51%

0.00274

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89