Vulnerabilities

CVE-2020-24617

by Fred · 19/02/2021

Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.

Date published : 2021-02-19

https://github.com/Mailtrain-org/mailtrain/pull/909

https://securitylab.github.com/advisories/GHSL-2020-132-Mailtrain

Similar

Tags: Cybersecurity Alert

CVE-2020-24617

Similar

Recent Posts

Categories

CVE-2020-24617

Share this:

Similar

Recent Posts

Categories

Tags