Mailtrain: >> Mailtrain >> 1.13.0 Security Vulnerabilities
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-02-19