Release DateJul 04, 2007 |
Severitylow |
ImpactSystem compromise. |
DescriptionWAnewsletter has a remote file include vulnerability. A remote attacker could execute an arbitrary script on a vulnerable web server with the privileges of the server. The vulnerability can be exploited via a specially crafted URL request to the 'newsletter.php' script, using the 'waroot' parameter to specify a malicious PHP file from a remote system. |
Affected ProductsWAnewsletter version 2.1.3 and prior. |
Recommended ActionsCurrently we are not aware of any official supplied fix for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-2969 |
Reference/shttp://www.securityfocus.com/bid/24177 (BugTraq) |
