Inoutmailinglistmanager : Security vulnerabilities, CVEs

Copy

CVE-2007-2004

Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.

Max CVSS

7.5

EPSS Score

0.20%

Published

2007-04-12

Updated

2017-10-11

CVE-2007-2003

InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.

Max CVSS

6.8

EPSS Score

1.08%

Published

2007-04-12

Updated

2017-10-11

CVE-2007-2002

InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.

Max CVSS

6.8

EPSS Score

1.08%

Published

2007-04-12

Updated

2017-10-11

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!