Our sensors found this exploit at:

Below is a copy:

New eVuln Advisory:
MWNewsletter SQL Injection and XSS Vulnerabilities

eVuln ID: EV0123
CVE: CVE-2006-1690 CVE-2006-1691 CVE-2006-1692
Vendor: Manic Web
Software: MWNewsletter
Software's Web Site:
Versions: 1.0.0b
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (

1. SQL Injection.

Vulnerable script: unsubscribe.php

The user_name parameter is not properly sanitized before being used in an SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

2. Cross-Site Scripting.

Vulnerable Script: subscribe.php

The user_name parameter is not properly sanitized. This can be used to post arbitrary HTML or web script code.

Available at:

No Patch available.

Aliaksandr Hartsuyeu - Penetration Testing Services
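
Added example, not part of the advisory and not MWNewsletter's code: how the two user_name flaws described above are normally closed in PHP, with a bound parameter for the query and encoding at output time. The subscribers table, the function names and the in-memory SQLite database are assumptions made for illustration. PHP removed magic_quotes_gpc in 5.4, so the fix must not depend on that setting.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and function names; MWNewsletter's real code is not shown on the page.

/** Unsubscribe path: user_name is bound as a parameter, never concatenated into SQL. */
function unsubscribe(PDO $db, string $userName): int
{
    $stmt = $db->prepare('DELETE FROM subscribers WHERE user_name = :user_name');
    $stmt->execute([':user_name' => $userName]);
    return $stmt->rowCount(); // number of rows actually removed
}

/** Subscribe path: the raw value is stored through a bound parameter. */
function subscribe(PDO $db, string $userName): void
{
    $stmt = $db->prepare('INSERT INTO subscribers (user_name) VALUES (:user_name)');
    $stmt->execute([':user_name' => $userName]);
}

/** Encode when the name is written into HTML, so stored text cannot become markup. */
function renderName(string $userName): string
{
    return htmlspecialchars($userName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo on an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (user_name TEXT NOT NULL)');

subscribe($db, 'alice');
subscribe($db, "O'Brien");     // legitimate name containing a quote
subscribe($db, '<b>bob</b>');  // markup submitted as a name, stored as plain data

// Constructed input with SQL metacharacters: compared as one literal string.
printf("removed by crafted input: %d\n", unsubscribe($db, "alice' OR '1'='1"));
// A quote in a real name needs no escaping by the caller.
printf("removed for O'Brien: %d\n", unsubscribe($db, "O'Brien"));
printf("rows left: %d\n", (int) $db->query('SELECT COUNT(*) FROM subscribers')->fetchColumn());
printf("rendered name: %s\n", renderName('<b>bob</b>'));
```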
