CVE-2007-2371 Information

Description

admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login which allows remote attackers to cause a denial of service (loss of configuration data) and possibly perform direct static code injection via a saveGlobalconfig action.

Reference

http://www.securityfocus.com/bid/23342 https://www.exploit-db.com/exploits/3671