CVE-2020-8242

Summary

Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack.

Affected Software

VendorProductVersion RangeStatus
n/aExpressionEngine<= 5.4.0affected

Weaknesses

  • CWE-89: SQL Injection (CWE-89)

ADP Enrichment

CVE Program Container

Additional References

References