CVE-2007-2371

Name of the Vulnerable Software and Affected Versions phpMyNewsletter versions 0.8 beta5 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in the loss of configuration data, and possibly perform direct static code injection. This is achieved through accessing configuration modification before login via a 'saveGlobalconfig' action in the 'admin/index.php' file.

Recommendations For phpMyNewsletter versions 0.8 beta5 and earlier, as a temporary workaround, consider restricting access to the 'admin/index.php' file to prevent unauthorized configuration modifications until a fix is available. Avoid using the 'saveGlobalconfig' action in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.