cbcvebase.

Gregory Kokanosky Phpmynewsletter vulnerabilities

4 known vulnerabilities affecting gregory_kokanosky/phpmynewsletter.

Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2007-2372P3CRITICALCVSS 10.0PoC≤ 0.8_beta_52007-04-30
CVE-2007-2372 [CRITICAL] CVE-2007-2372: admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location head admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under
nvd
CVE-2007-2371P3CRITICALCVSS 10.0PoC≤ 0.8_beta_52007-04-30
CVE-2007-2371 [CRITICAL] CVE-2007-2371: admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to config admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.
nvd
CVE-2008-1295P3MEDIUMCVSS 6.8PoC≤ 0.8_beta_52008-03-12
CVE-2008-1295 [MEDIUM] CWE-89 CVE-2008-1295: SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.
nvd
CVE-2002-1887P3HIGHCVSS 7.5PoCv0.6.102002-12-31
CVE-2002-1887 [HIGH] CVE-2002-1887: PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote at PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.
nvd
Gregory Kokanosky Phpmynewsletter vulnerabilities | cvebase