Lucene search

[email protected]CVE-2007-0350

HistoryJan 19, 2007 - 1:28 a.m.

CVE-2007-0350

2007-01-1901:28:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

sme filemailer

index.php

dl.php

remote attackers

cve-2007-0350

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

71.8%

JSON

Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346.

CPENameOperatorVersion
sme:filemailersme filemailerle1.21

CPE	Name	Operator	Version
sme:filemailer	sme filemailer	le	1.21

References

archives.neohapsis.com/archives/bugtraq/2007-01/0395.html

attrition.org/pipermail/vim/2007-January/001244.html

osvdb.org/32833

www.vupen.com/english/advisories/2007/0221

exchange.xforce.ibmcloud.com/vulnerabilities/31533

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

71.8%

JSON

Related for CVE-2007-0350

prion2 cve1 securityvulns1