CVE-2007-2371

phpMyNewsletter <0.8 beta5 - DoS

Title source: llm

Description

admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackHawk · phpwebappsphp

https://www.exploit-db.com/exploits/3671

View Code ZIP pw:eip

References (2)

[Exploit] http://www.securityfocus.com/bid/23342

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3671

Scores

EPSS 0.0597

EPSS Percentile 90.7%

Details

Status published

Products (1)

gregory_kokanosky/phpmynewsletter < 0.8_beta_5

Published Apr 30, 2007

Tracked Since Feb 18, 2026