CVE-2008-6291

Name of the Vulnerable Software and Affected Versions: Acc PHP eMail version 1.1

Description: The issue allows remote attackers to bypass authentication and gain administrative access. This can be achieved by setting the NEWSLETTERLOGIN cookie to "admin".

Recommendations: For Acc PHP eMail version 1.1, as a temporary workaround, consider restricting access to administrative functions until a patch is available. Avoid using the NEWSLETTERLOGIN cookie to authenticate users in the affected version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.