CVE-2017-9730

CRITICAL

nuevoMailer <6.0 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.

Exploits (1)

exploitdb WORKING POC
by Oleg Boytsev · text · webapps · php
https://www.exploit-db.com/exploits/42193

Scores

CVSS v3 9.8
EPSS 0.0115
EPSS Percentile 78.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
dfsol/nuevomailer < 6.0
Published Jun 19, 2017
Tracked Since Feb 18, 2026