CVE-2007-2004

InoutMailingListManager < 3.1 - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2004. PoCs published by BlackHawk.

AI-analyzed exploit summary: This exploit leverages an authentication bypass vulnerability in InoutMailingListManager <= 3.1 to upload a malicious PHP file, which then executes arbitrary commands on the target system. It also retrieves database credentials from the application's configuration file.

Description

Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by BlackHawk · php · webapps · php
https://www.exploit-db.com/exploits/3702

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: InoutMailingListManager <= 3.1
No auth needed
Prerequisites: Target must have InoutMailingListManager <= 3.1 installed · PHP file upload functionality must be accessible
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24842
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3702
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1345

Scores

EPSS 0.0102
EPSS Percentile 58.9%

Details

Status published
Products (1)
inoutmailinglistmanager/inoutmailinglistmanager < 3.1
Published Apr 12, 2007
Tracked Since Feb 18, 2026