|
Description
|
|
A vulnerability has been identified in DSNewsletter, which may be exploited by remote attackers to execute arbitrary SQL commands. This flaw is due to input validation errors in the "include/sub.php", "include/confirm.php" and "include/unconfirm.php" scripts that do not validate the "email" parameter before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.
|
