CVE-2020-22249
Summary: CVE-2020-22249 affects phplist 3.5.1, where a lack of validation of plugin ZIP contents allows uploading malicious plugins containing PHP files (e.g., PHP, phtml, php7) that are copied into the plugins directory, leading to remote code execution. Root cause: the application does not enfo...