Unrated severityNVD Advisory· Published Jan 19, 2007· Updated Apr 23, 2026

CVE-2007-0350

Description

Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346.

Affected products

Sme/Filemailer
cpe:2.3:a:sme:filemailer:*:*:*:*:*:*:*:*
Range: <=1.21

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vupen.com/english/advisories/2007/0221nvdVendor Advisory
archives.neohapsis.com/archives/bugtraq/2007-01/0395.htmlnvd
attrition.org/pipermail/vim/2007-January/001244.htmlnvd
osvdb.org/32833nvd
exchange.xforce.ibmcloud.com/vulnerabilities/31533nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000