Remote Code Execution (RCE)

zetacomponents/mail is vulnerable to remote code execution RCE attacks. The attacks can be launched using a malicious email address for example: -X/path/to/wwwroot/file.php since the application does not restrict the set of characters used in ezcMail returnPath property...

Zeta Components Mail 1.8.1 - Remote Code Execution

Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...