Description
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Popup Modal For Youtube Cross-Site Scripting (1.0.1)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.29)
WordPress Plugin Nextend Facebook Connect Unspecified Vulnerability (1.5.7)
WordPress Plugin Access Expiration Cross-Site Scripting (1.1)
WordPress Plugin HashThemes Demo Importer Security Bypass (1.1.1)