CVE-2020-15072
phpList 3.5.4 and earlier are affected by CVE-2020-15072: an error-based SQL Injection in the Import Administrators feature due to insufficient input validation. The CVSS-derived impact is high (C/H/I/H/A/H in CVSS‑3.1; MEDIUM in CVSS‑2.0), with network access, low attack complexity, and no user ...