Remote Code Execution (RCE)

2017-11-1610:34:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.146

Percentile

95.8%

JSON

zetacomponents/mail is vulnerable to remote code execution (RCE) attacks. The attacks can be launched using a malicious email address (for example: -X/path/to/wwwroot/file.php) since the application does not restrict the set of characters used in ezcMail returnPath property.