ID CVE-2007-3215
Summary PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Successful exploitation requires that the PHP script using PHPMailer is configured to send e-mails with the Sendmail method, and that the script does not sanitise data before storing it in the Sender property.
References
Vulnerable Configurations
  • cpe:2.3:a:phpmailer:phpmailer:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmailer:phpmailer:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmailer:phpmailer:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmailer:phpmailer:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmailer:phpmailer:1.73:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 16-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 24417
bugtraq 20070611 PHPMailer command execution
confirm http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374
debian DSA-1315
fulldisc 20111005 vTiger CRM 5.2.x <= Remote Code Execution Vulnerability
misc
osvdb
  • 37206
  • 76139
secunia
  • 25626
  • 25755
  • 25758
sreason 2802
vupen
  • ADV-2007-2161
  • ADV-2007-2267
xf phpmailer-popen-command-execution(34818)
Last major update 16-10-2018 - 16:47
Published 14-06-2007 - 22:30
Last modified 16-10-2018 - 16:47