3 matches found
Web Servers WAnewsletter Remote File Inclusion (CVE-2007-2969)
A Remote File Inclusion vulnerability has been reported in WAnewsletter. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. This protection was...
Immunity Canvas: WANEWSLETTER_REMOTE
Name| WAnewsletterremote ---|--- CVE| CVE-2007-2969 Exploit Pack| CANVAS Description| WAnewsletter Notes| CVSS: 7.5 Repeatability: Infinite VENDOR: emanual.ru CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2969 CVE Name: CVE-2007-2969...
CVE-2007-2969
WAnewsletter 2.1.3 (and earlier) is affected by a PHP Remote File Inclusion in newsletter.php via the waroot parameter. The root cause is lack of input sanitization, enabling a remote attacker to execute arbitrary PHP code on the affected system. Connected advisories reiterate the RFI characteriz...