AI Score: 9.1 (High), Confidence: High
EPSS: 0.001 (Low), Percentile: 40.8%
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
github.com/Mailtrain-org/mailtrain/pull/909
securitylab.github.com/advisories/GHSL-2020-132-Mailtrain