CVE-2007-3215

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in packagist/phpmailer/phpmailer

Identifiers

GHSA-6h78-85v2-mmch, CVE-2007-3215

Package Slug

packagist/phpmailer/phpmailer

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

Affected Versions

All versions before 1.7.4

Solution

Upgrade to version 1.7.4 or above.

Last Modified

2024-02-05

source