Описание
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.
Уязвимые конфигурации
Конфигурация 1Версия до 2.5 (включая)
Одно из
cpe:2.3:a:open_newsletter:open_newsletter:*:*:*:*:*:*:*:*
cpe:2.3:a:open_newsletter:open_newsletter:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.26385
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.
EPSS
Процентиль: 96%
0.26385
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other