SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.Referenceshttps://www.exploit-db.com/exploits/42193/
