Headline
GHSA-6h78-85v2-mmch: PHPMailer Shell command injection
PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Impact
Shell command injection, remotely exploitable if host application does not filter user data appropriately.
Patches
Fixed in 1.7.4
Workarounds
Filter and validate user-supplied data before putting in the into the Sender property.
References
https://nvd.nist.gov/vuln/detail/CVE-2007-3215
For more information
If you have any questions or comments about this advisory:
- Open a private issue in the PHPMailer project
Package
composer phpmailer/phpmailer (Composer)
Affected versions
< 1.7.4
Patched versions
1.7.4
Description
PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Impact
Shell command injection, remotely exploitable if host application does not filter user data appropriately.
Patches
Fixed in 1.7.4
Workarounds
Filter and validate user-supplied data before putting in the into the Sender property.
References
https://nvd.nist.gov/vuln/detail/CVE-2007-3215
For more information
If you have any questions or comments about this advisory:
- Open a private issue in the PHPMailer project
References
- GHSA-6h78-85v2-mmch
- https://cxsecurity.com/issue/WLB-2007060063
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34818
- https://seclists.org/fulldisclosure/2011/Oct/223
- https://sourceforge.net/p/phpmailer/bugs/192/
- https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
- https://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
Synchro published to PHPMailer/PHPMailer
Mar 5, 2020
Published to the GitHub Advisory Database
Feb 2, 2024
Reviewed
Feb 2, 2024
Last updated
Feb 2, 2024