8 matches found
GHSA-HGR8-G756-VMG9 Zeta Components Mail Arbitrary code execution via a crafted email address
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...
Zeta Components Mail Arbitrary code execution via a crafted email address
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...
Zeta Components Mail 1.8.1 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: 'email protected -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...
Zeta Components Mail 1.8.1 - Remote Code Execution
Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...
Zeta Components Mail 1.8.1 - Remote Code Execution
Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into /var/www/html/cache/exploit.php. The resulting file will contain t...
Code injection
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...
CVE-2017-15806
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...
CVE-2017-15806
The CVE-2017-15806 issue affects Zeta Components Mail (ezcMailMtaTransport) prior to 1.8.2. The send() method uses PHP mail() and constructs the 5th parameter with -f{returnPath}, and improper restriction of characters in ezcMail returnPath permits a crafted address to trigger arbitrary code exec...