CVE-2006-6785

Open Newsletter <2.5 - RCE

Description

The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED
by BlackHawk · php · webapps · php
https://www.exploit-db.com/exploits/2981

Scores

EPSS 0.2638
EPSS Percentile 96.3%

Details

Status published
Products (2)
open_newsletter/open_newsletter 2.0
open_newsletter/open_newsletter < 2.5
Published Dec 28, 2006
Tracked Since Feb 18, 2026