Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gregory Kokanosky phpMyNewsletter 'send_mod.php'身份认证绕过漏洞
Vulnerability Description
当管理证书丢失时,Gregory Kokanosky phpMyNewsletter中的admin/send_mod.php文件会在不退出的情况下打印Location标头,这使得远程攻击者可以借助带有主题、信息、格式和列表ID字段的POST来组成一个电子邮件信息,然后再借助一个对admin/下的MsgId值的直接请求,发送该信息。
CVSS Information
N/A
Vulnerability Type
N/A