Open Newsletter 2.5 and previous versions allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open newsletter open newsletter |
||
open newsletter open newsletter 2.0 |