Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Artmedic Webdesign Subscribe
Filtered by product Artmedic Newsletter
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2608 1 Artmedic Webdesign 1 Artmedic Newsletter 2018-10-18 5.1 MEDIUM N/A
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.
CVE-2006-2609 1 Artmedic Webdesign 1 Artmedic Newsletter 2011-03-07 5.1 MEDIUM N/A
artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.