CVE-2007-2003

InoutMailingListManager <3.1 - Open Redirect

Title source: llm

Description

InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackHawk · phpwebappsphp

https://www.exploit-db.com/exploits/3702

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3702

[Third Party Advisory] http://secunia.com/advisories/24842

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1345

Scores

EPSS 0.0624

EPSS Percentile 90.9%

Details

Status published

Products (1)

inoutmailinglistmanager/inoutmailinglistmanager < 3.1

Published Apr 12, 2007

Tracked Since Feb 18, 2026