Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6286


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6286
Last Modified 26 Feb 2009 12:00:00
Published 25 Feb 2009 06:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information.

Vulnerable Systems


  • Activewebsoftwares Active Newsletter 4.3


XF - activenewsletter-subscriber-sql-injection(46916)

MILW0RM - 7280

SECUNIA - 32908

Last Updated: 27 May 2016 10:49:08