Lucene search

[email protected]CVE-2007-0350

HistoryJan 19, 2007 - 1:28 a.m.

CVE-2007-0350

2007-01-1901:28:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

sme filemailer

index.php

dl.php

remote attackers

cve-2007-0350

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346.

Affected configurations

NVD

Node

smefilemailerRange≤1.21

CPENameOperatorVersion
sme:filemailersme filemailerle1.21

CPE	Name	Operator	Version
sme:filemailer	sme filemailer	le	1.21

References

archives.neohapsis.com/archives/bugtraq/2007-01/0395.html

attrition.org/pipermail/vim/2007-January/001244.html

osvdb.org/32833

www.vupen.com/english/advisories/2007/0221

exchange.xforce.ibmcloud.com/vulnerabilities/31533

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

Related for CVE-2007-0350

cvelist2 nvd2 prion2 cve1 securityvulns1