CVE-2006-2887

myNewsletter <1.1.2 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.

Exploits (2)

exploitdb WORKING POC VERIFIED

by FarhadKey · htmlwebappsasp

https://www.exploit-db.com/exploits/1884

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by FarhadKey · htmlwebappsphp

https://www.exploit-db.com/exploits/27979

View Code ZIP pw:eip

References (10)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26127

[Exploit, Vendor Advisory] http://www.kapda.ir/advisory-340.html

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2149

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26947

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26274

[Vendor Advisory] http://secunia.com/advisories/20423

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016229

[Exploit] http://www.securityfocus.com/bid/18287

[Third Party Advisory] http://securityreason.com/securityalert/1054

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/436018/100/0/threaded

Scores

EPSS 0.0643

EPSS Percentile 91.1%

Details

Status published

Products (1)

aspburst/mynewsletter 1.1.2

Published Jun 07, 2006

Tracked Since Feb 18, 2026