CVE-2007-6551

MailMachine Pro <2.2.6 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6551. PoCs published by MhZ91.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in MailMachine Pro 2.2.4, allowing an attacker to extract admin credentials via a crafted URL. The PoC uses a UNION-based SQLi to retrieve user_id and password from the mailmachine_users table.

Description

SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MhZ91 · textwebappsphp

https://www.exploit-db.com/exploits/4788

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in MailMachine Pro 2.2.4, allowing an attacker to extract admin credentials via a crafted URL. The PoC uses a UNION-based SQLi to retrieve user_id and password from the mailmachine_users table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: MailMachine Pro 2.2.4

No auth needed

Prerequisites: Target application must be accessible · showMsg.php must be vulnerable to SQLi

MITRE ATT&CK