Vulnerabilities > CVE-2006-6785 - Authentication Bypass vulnerability in Open Newsletter Open Newsletter 2.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
open-newsletter
exploit available

Summary

The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.

Vulnerable Configurations

Part Description Count
Application
Open_Newsletter
2

Exploit-Db

descriptionOpen Newsletter <= 2.5 Multiple Remote Vulnerabilities Exploit (update). CVE-2006-6785,CVE-2006-6786. Webapps exploit for php platform
fileexploits/php/webapps/2981.php
idEDB-ID:2981
last seen2016-01-31
modified2006-12-23
platformphp
port
published2006-12-23
reporterBlackHawk
sourcehttps://www.exploit-db.com/download/2981/
titleopen newsletter <= 2.5 - Multiple Vulnerabilities Exploit update
typewebapps