vendor:
PHPMyNewsletter
by:
Charles 'real' F.
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPMyNewsletter
Affected Version From: 0.8b5
Affected Version To: 0.8b5
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
PHPMyNewsletter <= 0.8b5 SQL Injection
This exploit gets admin_pass and admin_email from pmnl_config.
Mitigation:
Ensure that the application is not vulnerable to SQL injection attacks by using parameterized queries, stored procedures, and other techniques.