CVE-2020-35708

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config – Import Administrators" page.

Date published : 2020-12-25

https://sourceforge.net/projects/phplist/files/phplist/

https://tufangungor.github.io/exploit/2020/12/15/phplist-3.5.9-sql-injection.html