Remote Code Execution (RCE)

PHPMailer is vulnerable to remote code execution RCE attacks. It is possible because it uses escapeshellcmd which does not properly escape the injected extra parameters through the sendmailSend function. Using this flaw, attackers can inject parameters and launch the execution of arbitrary code...

CVE-2007-3215

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php...

CVE-2007-3215

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php...

PT-2007-4494 · Php · Phpmailer

Name of the Vulnerable Software and Affected Versions: PHPMailer versions 1.7 through 1.7.3 PHPMailer versions prior to 1.7.4 Description: The issue allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. This is a...