Unrated severityNVD Advisory· Published Dec 28, 2006· Updated Apr 23, 2026

CVE-2006-6785

Description

The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.

Affected products

Open Newsletter/Open Newsletter2 versions
cpe:2.3:a:open_newsletter:open_newsletter:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:open_newsletter:open_newsletter:*:*:*:*:*:*:*:*range: <=2.5
- cpe:2.3:a:open_newsletter:open_newsletter:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/21775nvdExploit
secunia.com/advisories/23476nvd
www.exploit-db.com/exploits/2981nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.021
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000