admin.php in Newsletter ZWS allows remote malicious users to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zaireweb solutions newsletter zws |