vendor:
LetterIt Newsletter Manager
by:
NoGe
7.5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: LetterIt Newsletter Manager
Affected Version From: 2
Affected Version To: 2
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
LetterIt 2 Local File Inclusion Vulnerability
LetterIt Newsletter Manager version 2 is vulnerable to a Local File Inclusion vulnerability. This vulnerability is due to the application failing to properly sanitize user-supplied input to the 'language' parameter of the 'wysiwyg.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable script. This can allow the attacker to include arbitrary local files from the web server, resulting in the disclosure of sensitive information.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized.
