SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp.