PT-2006-7384 · Unknown · Open Newsletter

Blackhawk · Published 2006-12-28 · Updated 2017-10-19 · CVE-2006-6785

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Open Newsletter versions 2.5 and earlier
Description: The issue concerns the settings.php and subscribers.php scripts, which do not properly exit when authentication fails. This allows remote attackers to potentially perform unauthorized administrative actions or execute arbitrary code, especially when combined with another vulnerability.
Recommendations: For Open Newsletter versions 2.5 and earlier, consider temporarily restricting access to the settings.php and subscribers.php scripts until a proper fix is available. As a mitigation measure, ensure that authentication is properly validated and that the script exits when authentication fails, to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
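
The recommendation to exit when authentication fails, as an added example (not Open Newsletter's own code; the session key `is_admin`, the `login.php` redirect and the function names are hypothetical): a guard that only reports the failure lets the rest of the script run, while the hardened guard terminates the request.

```php
<?php
declare(strict_types=1);

// Added illustration of the flaw class described above. Hypothetical names throughout;
// the redirect in the weak guard is an assumed way of reporting the failure.
session_start();

/** Weak pattern: signals the failure but returns to the caller. */
function check_admin_weak(): void
{
    if (($_SESSION['is_admin'] ?? false) !== true) {
        header('Location: login.php');
        // No exit here: header() only queues a response header. PHP keeps
        // executing, so the administrative code after the call still runs
        // for an unauthenticated request.
    }
}

/** Hardened pattern: fail closed and stop the request immediately. */
function require_admin(): void
{
    if (($_SESSION['is_admin'] ?? false) !== true) {
        http_response_code(403);
        header('Cache-Control: no-store');
        exit('Forbidden'); // nothing below the guard is reachable
    }
}

/** Stand-in for an administrative action such as saving settings. */
function save_settings(array $input): string
{
    return 'settings saved: ' . count($input) . ' field(s)';
}

// The guard must run before any administrative logic in the script.
require_admin();

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    echo save_settings($_POST);
}
```

Swapping `require_admin()` for `check_admin_weak()` makes the difference visible: without a session the weak version still reaches `save_settings()` on a POST request.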

Related identifiers

CVE-2006-6785

Affected products

Open Newsletter