RSS   Vulnerabilities for 'Artmedic newsletter'   RSS

2006-05-25
 
CVE-2006-2609

 

 
artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

 
 
CVE-2006-2608

CWE-Other
 

 
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.

 

 >>> Vendor: Artmedic webdesign 5 Products
Artmedic links
Artmedic event
Artmedic newsletter
Artmedic cms
Artmedic weblog


Copyright 2024, cxsecurity.com

 

Back to Top