CVE-2006-6786 Information

Description

Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.

Reference

http://www.securityfocus.com/bid/21775 https://www.exploit-db.com/exploits/2981