Security Advisory

CVE-2020-24617

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-02-19 22:48:01

Last updated 2024-08-04 15:19:08

Assigner mitre

State PUBLISHED

Description

Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.

← Browse all CVEs View on cve.org ↗