CVE-2020-24617 – Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/mo …

Vuln ID: CVE-2020-24617

Published:  2021-02-19  23:15:12Z

Description: Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.

Source: NVD.NIST.GOV