CVE-2006-6785 : The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and

The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.

Published 2006-12-28 00:28:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2006-6785

Open Newsletter » Open Newsletter
Versions up to, including, (<=) 2.5
cpe:2.3:a:open_newsletter:open_newsletter:*:*:*:*:*:*:*:*
Matching versions
Open Newsletter » Open Newsletter » Version: 2.0
cpe:2.3:a:open_newsletter:open_newsletter:2.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-6785

EPSS FAQ

7.98%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-6785

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-6785

Jump to

Vulnerability Details : CVE-2006-6785

Products affected by CVE-2006-6785

Exploit prediction scoring system (EPSS) score for CVE-2006-6785

CVSS scores for CVE-2006-6785

References for CVE-2006-6785