CVE-2007-3215

2007-06-14T22:30:00
ID CVE-2007-3215
Type cve
Reporter cve@mitre.org
Modified 2018-10-16T16:47:00

Description

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Successful exploitation requires that the PHP script using PHPMailer is configured to send e-mails with the Sendmail method, and that the script does not sanitise data before storing it in the Sender property.