Show plain JSON{"id": "CVE-2006-6785", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-28T00:28:00.000", "references": [{"url": "http://secunia.com/advisories/23476", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21775", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/2981", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23476", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21775", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/2981", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability."}, {"lang": "es", "value": "Las secuencias de comandos (1) settings.php y (2) subscribers.php en Open Newsletter 2.5 y anteriores no terminan cuando la autenticaci\u00f3n falla, lo que permite a atacantes remotos ejecutar acciones administrativas no autorizadas, o ejecutar c\u00f3digo de su elecci\u00f3n en conjunci\u00f3n con otra vulnerabilidad."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:open_newsletter:open_newsletter:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F62158FA-3A2E-483F-A037-5846A40BE9DB", "versionEndIncluding": "2.5"}, {"criteria": "cpe:2.3:a:open_newsletter:open_newsletter:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AECC88D1-1290-46B9-BCC4-CD070B7486D0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}