Unrated severityNVD Advisory· Published May 26, 2006· Updated Jun 16, 2026
CVE-2006-2608
CVE-2006-2608
Description
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:artmedic_webdesign:artmedic_newsletter:4.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:artmedic_webdesign:artmedic_newsletter:4.1:*:*:*:*:*:*:*
- (no CPE)range: = 4.1
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.