CVE-2006-6786

Open Newsletter <2.5 - Command Injection

Title source: llm

Description

Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by BlackHawk · phpwebappsphp
https://www.exploit-db.com/exploits/2981

References (2)

Scores

EPSS 0.0475
EPSS Percentile 89.5%

Details

Status published
Products (2)
open_newsletter/open_newsletter 2.0
open_newsletter/open_newsletter < 2.5
Published Dec 28, 2006
Tracked Since Feb 18, 2026