SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.
Max CVSS
6.8
EPSS Score
0.14%
Published
2008-03-12
Updated
2017-09-29
admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/.
Max CVSS
10.0
EPSS Score
0.51%
Published
2007-04-30
Updated
2017-10-11
admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.
Max CVSS
10.0
EPSS Score
0.33%
Published
2007-04-30
Updated
2017-10-11
PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.
Max CVSS
7.5
EPSS Score
5.80%
Published
2002-12-31
Updated
2008-09-05
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!