phpList Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-20030 - Vulnerability Database

phpList Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-20030

High
Reference: CVE-2017-20030
Title: phpList Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.