Vulnerability Details: CVE-2020-24617
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
Vulnerability category: SQL Injection
Exploit prediction scoring system (EPSS) score for CVE-2020-24617
0.10%: probability of exploitation activity in the next 30 days
~41%: percentile, the proportion of vulnerabilities that are scored at or less