Ellislab · Expressionengine · CVE-2020-8242
**Name of the Vulnerable Software and Affected Versions**
ExpressionEngine versions prior to 5.4.0
**Description**
The issue arises from unsanitized user input in the control panel member creation functionality, leading to an SQL injection. An attacker would need access to the member creation/admin control panel to execute the attack.
**Recommendations**
For versions prior to 5.4.0, update to version 5.4.0 or later to resolve the issue.