Artmedic Webdesign » Artmedic Newsletter : Security Vulnerabilities, CVEs,
artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.1
EPSS Score
0.33%
Published
2006-05-26
Updated
2011-03-08
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.
Max CVSS
5.1
EPSS Score
9.40%
Published
2006-05-26
Updated
2018-10-18
2 vulnerabilities found