CVE-2006-6785

Open Newsletter < 2.5 - Unauthenticated Administrative Action Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6785. PoCs published by BlackHawk.

AI-analyzed exploit summary This exploit targets Open Newsletter <= 2.* and includes multiple attack vectors: subscriber email retrieval, credential retrieval, and remote command execution. It leverages weak session validation and file inclusion vulnerabilities to achieve RCE.

Description

The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED
by BlackHawk · phpwebappsphp
https://www.exploit-db.com/exploits/2981

This exploit targets Open Newsletter <= 2.* and includes multiple attack vectors: subscriber email retrieval, credential retrieval, and remote command execution. It leverages weak session validation and file inclusion vulnerabilities to achieve RCE.

Classification
Working Poc 95%
Attack Type
Rce | Info Leak | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Open Newsletter <= 2.*
No auth needed
Prerequisites: Network access to the target · Open Newsletter installation with default or weak configurations
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2981
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23476
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21775

Scores

EPSS 0.0415
EPSS Percentile 89.6%

Details

Status published
Products (2)
open_newsletter/open_newsletter 2.0
open_newsletter/open_newsletter < 2.5
Published Dec 28, 2006
Tracked Since Feb 18, 2026