SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote malicious users to execute arbitrary SQL commands via the us parameter.
sme filemailer 1.21