Vulnerabilities > CVE-2007-2371 - Scripts Authentication Bypass vulnerability in PHPMyNewsLetter

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
gregory-kokanosky
critical
exploit available
NVD
Published: 2007-04-30
Updated: 2017-10-11

Summary

admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.

Vulnerable Configurations

Part Description Count
Application
Gregory_Kokanosky
1

Exploit-Db

descriptionphpMyNewsletter. CVE-2007-2371,CVE-2007-2372. Webapps exploit for php platform
fileexploits/php/webapps/3671.php
idEDB-ID:3671
last seen2016-01-31
modified2007-04-05
platformphp
port
published2007-04-05
reporterBlackHawk
sourcehttps://www.exploit-db.com/download/3671/
titlephpMyNewsletter <= 0.8 beta5 - Multiple Vulnerability Exploit
typewebapps

References