CVE-2007-2969

WAnewsletter <2.1.3 - RCE

Title source: llm

Description

PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mogatil · textwebappsphp

https://www.exploit-db.com/exploits/4000

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/24177

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4000

[Third Party Advisory, VDB Entry] http://osvdb.org/38812

Scores

EPSS 0.7462

EPSS Percentile 98.9%

Details

Status published

Products (1)

wanewsletter/wanewsletter < 2.1.3

Published Jun 01, 2007

Tracked Since Feb 18, 2026