CVE-2007-2002

InoutMailingListManager < 3.1 - Unauthenticated Arbitrary PHP File Upload and Remote Code Execution via Admin Cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2002. PoCs published by BlackHawk.

AI-analyzed exploit summary This exploit leverages an authentication bypass vulnerability in InoutMailingListManager <= 3.1 to upload a malicious PHP file, which then executes arbitrary commands on the target system. It also retrieves database credentials from the application's configuration file.

Description

InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED
by BlackHawk · phpwebappsphp
https://www.exploit-db.com/exploits/3702

This exploit leverages an authentication bypass vulnerability in InoutMailingListManager <= 3.1 to upload a malicious PHP file, which then executes arbitrary commands on the target system. It also retrieves database credentials from the application's configuration file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: InoutMailingListManager <= 3.1
No auth needed
Prerequisites: Target must have InoutMailingListManager <= 3.1 installed · PHP file upload functionality must be accessible
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24842
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3702
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1345

Scores

EPSS 0.0201
EPSS Percentile 78.3%

Details

Status published
Products (1)
inoutmailinglistmanager/inoutmailinglistmanager < 3.1
Published Apr 12, 2007
Tracked Since Feb 18, 2026