PT-2002-3032 · Mysimplenews · Mysimplenews
Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-2320
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions:
MySimpleNews version 1.0
Description:
The issue allows remote attackers to delete arbitrary email messages. This is achieved by sending a direct request to the "vider.php3" API endpoint.
Recommendations:
For MySimpleNews version 1.0, consider restricting access to the "vider.php3" endpoint until a patch is available. As a temporary workaround, disabling the functionality that handles requests to "vider.php3" may help minimize the risk of exploitation.
Affected Products
Mysimplenews