2 matches found
GHSA-CXF7-M5G2-V594 Zend-Mail remote code execution in zend-mail via Sendmail adapter
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they c...
PHPMailer Bug Leaves Millions of Websites Open to Attack
UPDATE A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack. The flaw was disclosed by researcher Dawid Golunski of Legal Hackers, who said t...