The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and previous versions do not exit when authentication fails, which allows remote malicious users to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open newsletter open newsletter 2.0 |
||
open newsletter open newsletter |