CVE-2008-6046

Name of the Vulnerable Software and Affected Versions ADbNewsSender versions prior to 1.5.2

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is possible via unspecified vectors in files such as opt in out.php.inc, confirmation.php.inc, and renewal.php.inc, which are located in the mailinglist/ directory.

Recommendations For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected files opt in out.php.inc, confirmation.php.inc, and renewal.php.inc in the mailinglist/ directory until the update is applied.