PT-2009-1521 · Unknown · Adbnewssender
Published
2009-02-04
·
Updated
2017-12-12
·
CVE-2008-6046
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ADbNewsSender versions prior to 1.5.2
Description
A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is possible via unspecified vectors in files such as opt in out.php.inc, confirmation.php.inc, and renewal.php.inc, which are located in the mailinglist/ directory.
Recommendations
For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected files opt in out.php.inc, confirmation.php.inc, and renewal.php.inc in the mailinglist/ directory until the update is applied.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Adbnewssender