Description
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.
Remediation
References
Related Vulnerabilities
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.5)
RubyGems 7PK - Security Features Vulnerability (CVE-2015-3900)
Apache HTTP Server CVE-2002-0839 Vulnerability (CVE-2002-0839)
WordPress Plugin WP Legal Pages Cross-Site Scripting (1.0.1)
WebLogic Improper Certificate Validation Vulnerability (CVE-2020-9488)