QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-2371

Back to search

CVE-2007-2371

Published: Apr 30, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.

VendorProductVersions

n/a

n/a

affected
n/a

References

23342
vdb-entry
x_refsource_BID
3671
exploit
x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now