CVE-2007-2371 - Vulnerability Details - OpenCVE

admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gregory Kokanosky	Phpmynewsletter

Configuration 1 [-]

cpe:2.3:a:gregory_kokanosky:phpmynewsletter:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/23342
https://www.exploit-db.com/exploits/3671

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-30T23:00:00

Updated: 2024-08-07T13:33:28.598Z

Reserved: 2007-04-30T00:00:00

Link: CVE-2007-2371

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-30T23:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2371

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23342", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23342"}, {"name": "3671", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3671"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2371", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23342", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23342"}, {"name": "3671", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3671"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.598Z"}, "title": "CVE Program Container", "references": [{"name": "23342", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23342"}, {"name": "3671", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3671"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2371", "datePublished": "2007-04-30T23:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2024-08-07T13:33:28.598Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gregory_kokanosky:phpmynewsletter:*:*:*:*:*:*:*:*", "matchCriteriaId": "D741E39E-074C-4BFF-B379-2A3BC48443F6", "versionEndIncluding": "0.8_beta_5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action."}, {"lang": "es", "value": "admin/index.php en Gregory Kokanosky phpMyNewsletter 0.8 beta5 y anteriores provee acceso a la modificaci\u00f3n de la configuraci\u00f3n antes del inicio de sesi\u00f3n, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de informaci\u00f3n de configuraci\u00f3n), y posiblemente llevar a cabo inyecci\u00f3n directa de c\u00f3digo est\u00e1tico, mediante la acci\u00f3n saveGlobalconfig."}], "id": "CVE-2007-2371", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-30T23:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23342"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3671"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}