Description
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.
Remediation
References
Related Vulnerabilities
Joomla Cryptographic Issues Vulnerability (CVE-2008-4122)
WordPress Plugin Import any XML or CSV File to WordPress Multiple Vulnerabilities (3.2.4)
PHP unspecified remote arbitrary file upload vulnerability
WordPress Plugin Couponer 'print-coupon.php' SQL Injection (1.2)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1559)