admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Newsletter_zws | Zaireweb_solutions | * | * |