CVE-2002-1887

phpMyNewsletter <0.6.10 - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21905

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by frog-m@n · htmlwebappsphp

https://www.exploit-db.com/exploits/3658

View Code ZIP pw:eip

References (4)

[Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2002-10/0060.html

[Third Party Advisory] http://secunia.com/advisories/7220

[Patch] http://www.iss.net/security_center/static/10288.php

[Exploit] http://www.securityfocus.com/bid/5886

Scores

EPSS 0.0276

EPSS Percentile 85.8%

Classification

Status draft

Affected Products (1)

gregory_kokanosky/phpmynewsletter

Timeline

Published Dec 31, 2002

Tracked Since Feb 18, 2026