PHPMyNewsLetter Multiple Scripts Authentication Bypass Vulnerabilities
BID:23342
Info
PHPMyNewsLetter Multiple Scripts Authentication Bypass Vulnerabilities
| Bugtraq ID: | 23342 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-2372 CVE-2007-2371 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2007 12:00AM |
| Updated: | Jul 06 2016 02:39PM |
| Credit: | BlackHawk is credited with the discovery of this vulnerability. |
| Vulnerable: |
Greg's Places phpMyNewsletter 0.8 Beta 5 |
| Not Vulnerable: | |
Discussion
PHPMyNewsLetter Multiple Scripts Authentication Bypass Vulnerabilities
phpMyNewsletter is prone to vulnerabilities that allow an attacker to bypass authentication.
An attacker can exploit these issues to modify sensative configuration data, launch further attacks, and send spam.
phpMyNewsletter 0.8 beta 5 and prior versions are affected.
phpMyNewsletter is prone to vulnerabilities that allow an attacker to bypass authentication.
An attacker can exploit these issues to modify sensative configuration data, launch further attacks, and send spam.
phpMyNewsletter 0.8 beta 5 and prior versions are affected.
Exploit / POC
PHPMyNewsLetter Multiple Scripts Authentication Bypass Vulnerabilities
Attackers can use a browser to exploit these issues.
The following exploit is available:
Attackers can use a browser to exploit these issues.
The following exploit is available:
Solution / Fix
PHPMyNewsLetter Multiple Scripts Authentication Bypass Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
PHPMyNewsLetter Multiple Scripts Authentication Bypass Vulnerabilities
References:
References:
- Vendor Homepage (Greg's Place)