Description
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.
Remediation
References
Related Vulnerabilities
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7486)
Django Resource Management Errors Vulnerability (CVE-2015-5143)
WordPress Plugin Google Pagespeed Insights Cross-Site Scripting (3.0.0)
WordPress Plugin Accordion Shortcodes Cross-Site Scripting (2.4.2)