CVE-2006-2887
CVE-2006-2887 affects myNewsletter 1.1.2 and earlier, where the UserName parameter in validatelogin.asp and adminlogin.asp is vulnerable to SQL injection. The underlying issue is improper input handling that allows remote attackers to inject arbitrary SQL commands, enabling credential bypass or d...