CVE-2017-15967

CRITICAL

Mailing List Manager Pro 3.0 - SQL Injection via Edit Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15967. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Mailing List Manager Pro 3.0. The PoC provides a crafted URL with SQLi payloads to extract database information such as user, database name, and version.

Description

Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · text · webapps · php
https://www.exploit-db.com/exploits/43092

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Mailing List Manager Pro 3.0
No auth needed
Prerequisites: Access to the vulnerable application URL
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Issue Tracking, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/144437/Mailing-List-Manager-Pro-3.0-SQL-Injection.html
Exploit, Issue Tracking, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43092/

Scores

CVSS v3 9.8
EPSS 0.0207
EPSS Percentile 78.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
mailing-manager/mailing_list_manager_pro 3.0
Published Oct 29, 2017
Tracked Since Feb 18, 2026