CVE-2006-2609

Name of the Vulnerable Software and Affected Versions artmedic newsletter versions 4.1.2 and possibly other versions

Description The issue allows remote attackers to modify arbitrary files and execute arbitrary PHP code when the register globals setting is enabled. This is achieved via the email parameter to the "newsletter log.php" endpoint.

Recommendations For version 4.1.2, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the "newsletter log.php" endpoint until a patch is available. Avoid using the email parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.