CVE-2020-24617

Published February 19th, 2021

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.

Mailtrain-org/mailtrain

Self hosted newsletter app

GitHub

5.73K