12 matches found
Remote code execution in PHPMailer
Impact The mailSend function in the default isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property. Patches Fixed in 5.2.18 Workaround...
GHSA-5F37-GXVH-23V6 Remote code execution in PHPMailer
Impact The mailSend function in the default isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property. Patches Fixed in 5.2.18 Workaround...
PHPMailer PwnScriptum Remote Code Execution
Added: 01/05/2017 BID: 95108 Background PHPMailer is a PHP class used for sending email from PHP. It is used by many open-source projects, e.g., WordPress, Drupal, and Joomla. Problem PHPMailer class mailSend function is vulnerable to command injection due to failure to properly sanitize the...
Command injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property...
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property...
ALPINE-CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property...
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property...
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property...
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property...
CVE-2016-10033
PHPMailer CVE-2016-10033 affects the isMail transport in PHPMailer prior to 5.2.18, where an attacker can craft the Sender property to inject an extra parameter to the mail() call and achieve remote code execution on the web server. Related entries note the issue as a fix in PHPMailer versions 5....
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property...
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \” backslash double quote in a crafted Sender property. Recent assessments: Assessed Attacker Value: 0...