Vulnerabilities > CVE-2006-6785 - Authentication Bypass vulnerability in Open Newsletter Open Newsletter 2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Open Newsletter <= 2.5 Multiple Remote Vulnerabilities Exploit (update). CVE-2006-6785,CVE-2006-6786. Webapps exploit for php platform |
file | exploits/php/webapps/2981.php |
id | EDB-ID:2981 |
last seen | 2016-01-31 |
modified | 2006-12-23 |
platform | php |
port | |
published | 2006-12-23 |
reporter | BlackHawk |
source | https://www.exploit-db.com/download/2981/ |
title | open newsletter <= 2.5 - Multiple Vulnerabilities Exploit update |
type | webapps |