3 matches found
CVE-2006-6786
CVE-2006-6786 affects Open Newsletter 2.5 and earlier. The vulnerability enables remote authenticated administrators to execute arbitrary PHP code by inserting code into the email parameter of subscribe.php or unsubscribe.php. This leads to potential code execution with the privileges of the auth...
CVE-2006-6785
CVE-2006-6785 affects Open Newsletter 2.5 and earlier. The (1) settings.php and (2) subscribers.php scripts do not exit after authentication fails, enabling remote attackers to perform unauthorized administrative actions and, in combination with another vulnerability, to execute arbitrary code. A...
CVE-2007-6301
CVE-2007-6301 describes a cross-site scripting (XSS) vulnerability in the OpenNewsletter project, specifically in compose.php for version 2.5 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML by supplying a crafted value to the type parameter. The available sou...