CVE-2006-1237 in DSNewsletter信息

摘要

由 VulDB • 2026-06-24

DSNewsletter 1.0 中存在多个 SQL 注入漏洞,在禁用 magic_quotes_gpc 的情况下,远程攻击者可通过向以下文件传递构造的 email 参数执行任意 SQL 命令:(1) include/sub.php、(2) include/confirm.php 或 (3) include/unconfirm.php。

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

来源

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!