VYPR
Unrated severityNVD Advisory· Published May 26, 2006· Updated Jun 16, 2026

CVE-2006-2608

CVE-2006-2608

Description

artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:artmedic_webdesign:artmedic_newsletter:4.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:artmedic_webdesign:artmedic_newsletter:4.1:*:*:*:*:*:*:*
    • (no CPE)range: = 4.1

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.