PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpmailer | Phpmailer | 1.7 (including) | 1.7 (including) |
Phpmailer | Phpmailer | 1.7.1 (including) | 1.7.1 (including) |
Phpmailer | Phpmailer | 1.7.2 (including) | 1.7.2 (including) |
Phpmailer | Phpmailer | 1.7.3 (including) | 1.7.3 (including) |
Phpmailer | Phpmailer | 1.73 (including) | 1.73 (including) |