PT-2007-1821 · Sme · Sme Filemailer

Published

2007-01-19

Updated

2017-07-29

CVE-2007-0350

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: SmE FileMailer versions 1.21 and earlier

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the index.php and dl.php files. The vulnerable parameters are ps, us, f, and code.

Recommendations: For SmE FileMailer versions 1.21 and earlier, consider disabling the index.php and dl.php files or restricting access to them until a patch is available. Avoid using the parameters ps, us, f, and code in the affected files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2007-0350

Affected Products

Sme Filemailer

PT-2007-1821 · Sme · Sme Filemailer

CVE-2007-0350

Weakness Enumeration

Related Identifiers

Affected Products

References · 6