PT-2007-3347 · Inout · Inoutmailinglistmanager

Blackhawk

Published

2007-04-12

Updated

2017-10-11

CVE-2007-2003

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions InoutMailingListManager versions 3.1 and earlier

Description The issue allows remote attackers to access certain restricted functionality and upload and execute arbitrary PHP code by ignoring a Location redirect header sent after an authorization check fails.

Recommendations For InoutMailingListManager versions 3.1 and earlier, update to a version that properly exits after an authorization check fails to prevent access to restricted functionality and arbitrary code execution.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2003

Affected Products

Inoutmailinglistmanager

PT-2007-3347 · Inout · Inoutmailinglistmanager

CVE-2007-2003

Related Identifiers

Affected Products

References · 4