Vulnerability Details : CVE-2006-6785
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-6785
Probability of exploitation activity in the next 30 days: 1.37%
Percentile, the proportion of vulnerabilities that are scored at or less: ~85%
CVSS scores for CVE-2006-6785
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
References for CVE-2006-6785
Products affected by CVE-2006-6785
- cpe:2.3:a:open_newsletter:open_newsletter:*:*:*:*:*:*:*:*
- cpe:2.3:a:open_newsletter:open_newsletter:2.0:*:*:*:*:*:*:*