CVE-2006-6785
open NewsLetter 2.5 - Multiple Vulnerabilities
Severity Score: 7.5 (CVSS v2)
Public Exploits: 2 (Multiple Sources)
Exploited in Wild (KEV): -
Decision (SSVC): -
Descriptions
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.
*Credits:
N/A
Timeline
- 2006-12-27 CVE Reserved
- 2006-12-28 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-09-02 EPSS Updated
References (3)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/23476 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/2981 | 2024-08-07 | |
http://www.securityfocus.com/bid/21775 | 2024-08-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Open Newsletter | Open Newsletter | <= 2.5 | - | Affected |
Open Newsletter | Open Newsletter | 2.0 | - | Affected |