Vulnerability CVE-2006-6785
Published: 2006-12-27   Modified: 2012-02-12

Description:
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Open newsletter -> Open newsletter 

 References:
http://www.securityfocus.com/bid/21775
https://www.exploit-db.com/exploits/2981
Copyright 2024, cxsecurity.com

 

Back to Top