Vulnerability-Lookup

CVE-2007-3215 (GCVE-0-2007-3215)

Vulnerability from cvelistv5 – Published: 2007-06-14 22:00 – Updated: 2024-08-07 14:05

Summary

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

17 references

URL	Tags
http://www.securityfocus.com/archive/1/471065/100…	mailing-listx_refsource_BUGTRAQ
http://www.debian.org/security/2007/dsa-1315	vendor-advisoryx_refsource_DEBIAN
http://sourceforge.net/project/shownotes.php?rele…	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://secunia.com/advisories/25755	third-party-advisoryx_refsource_SECUNIA
http://securityreason.com/securityalert/2802	third-party-advisoryx_refsource_SREASON
http://osvdb.org/76139	vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/24417	vdb-entryx_refsource_BID
https://sourceforge.net/tracker/index.php?func=de…	x_refsource_MISC
http://osvdb.org/37206	vdb-entryx_refsource_OSVDB
http://www.vupen.com/english/advisories/2007/2267	vdb-entryx_refsource_VUPEN
http://larholm.com/2007/06/11/phpmailer-0day-remo…	x_refsource_MISC
http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.…	x_refsource_MISC
http://secunia.com/advisories/25626	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25758	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/2161	vdb-entryx_refsource_VUPEN
http://seclists.org/fulldisclosure/2011/Oct/223	mailing-listx_refsource_FULLDISC

Date Public

2007-06-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:05:29.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070611 PHPMailer command execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"
          },
          {
            "name": "DSA-1315",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1315"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374"
          },
          {
            "name": "phpmailer-popen-command-execution(34818)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
          },
          {
            "name": "25755",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25755"
          },
          {
            "name": "2802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2802"
          },
          {
            "name": "76139",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/76139"
          },
          {
            "name": "24417",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24417"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707"
          },
          {
            "name": "37206",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37206"
          },
          {
            "name": "ADV-2007-2267",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2267"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
          },
          {
            "name": "25626",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25626"
          },
          {
            "name": "25758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25758"
          },
          {
            "name": "ADV-2007-2161",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2161"
          },
          {
            "name": "20111005 vTiger CRM 5.2.x \u003c= Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2011/Oct/223"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070611 PHPMailer command execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"
        },
        {
          "name": "DSA-1315",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1315"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374"
        },
        {
          "name": "phpmailer-popen-command-execution(34818)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
        },
        {
          "name": "25755",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25755"
        },
        {
          "name": "2802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2802"
        },
        {
          "name": "76139",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/76139"
        },
        {
          "name": "24417",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24417"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707"
        },
        {
          "name": "37206",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37206"
        },
        {
          "name": "ADV-2007-2267",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2267"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
        },
        {
          "name": "25626",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25626"
        },
        {
          "name": "25758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25758"
        },
        {
          "name": "ADV-2007-2161",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2161"
        },
        {
          "name": "20111005 vTiger CRM 5.2.x \u003c= Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2011/Oct/223"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3215",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070611 PHPMailer command execution",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"
            },
            {
              "name": "DSA-1315",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1315"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374"
            },
            {
              "name": "phpmailer-popen-command-execution(34818)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
            },
            {
              "name": "25755",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25755"
            },
            {
              "name": "2802",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2802"
            },
            {
              "name": "76139",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/76139"
            },
            {
              "name": "24417",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24417"
            },
            {
              "name": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707",
              "refsource": "MISC",
              "url": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707"
            },
            {
              "name": "37206",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37206"
            },
            {
              "name": "ADV-2007-2267",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2267"
            },
            {
              "name": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/",
              "refsource": "MISC",
              "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"
            },
            {
              "name": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce",
              "refsource": "MISC",
              "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
            },
            {
              "name": "25626",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25626"
            },
            {
              "name": "25758",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25758"
            },
            {
              "name": "ADV-2007-2161",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2161"
            },
            {
              "name": "20111005 vTiger CRM 5.2.x \u003c= Remote Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2011/Oct/223"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3215",
    "datePublished": "2007-06-14T22:00:00.000Z",
    "dateReserved": "2007-06-14T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:05:29.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2007-3215",
      "date": "2026-05-31",
      "epss": "0.04403",
      "percentile": "0.89174"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmailer:phpmailer:1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65A453FF-9AC7-4A84-B1FA-735B38ABEC1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmailer:phpmailer:1.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3611829-7CF3-43B1-A8AC-979124BE9C79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmailer:phpmailer:1.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D5FB20E-ADCB-4F79-842A-40E692D384C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmailer:phpmailer:1.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BFE740D-FAD1-4A16-8F49-4FF2BE69C21C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmailer:phpmailer:1.73:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BF4FD90-8B03-4056-9CCD-1F587A163A38\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.\"}, {\"lang\": \"es\", \"value\": \"PHPMailer 1.7, cuando est\\u00e1 configurado para utilizar sendmail, permite a atacantes remotos ejecutar comandos del int\\u00e9rprete de comandos (shell) a trav\\u00e9s de los metacaracter\\u00e9s del int\\u00e9rprete de comandos en la funci\\u00f3n SendmailSend en class.phpmailer.php.\"}]",
      "evaluatorImpact": "Successful exploitation requires that the PHP script using PHPMailer is configured to send e-mails with the Sendmail method, and that the script does not sanitise data before storing it in the Sender property.\r\n",
      "id": "CVE-2007-3215",
      "lastModified": "2024-11-21T00:32:40.863",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2007-06-14T22:30:00.000",
      "references": "[{\"url\": \"http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37206\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/76139\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2011/Oct/223\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25626\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25755\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25758\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/2802\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2007/dsa-1315\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471065/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/24417\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2161\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2267\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34818\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/37206\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/76139\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2011/Oct/223\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25626\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25755\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25758\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/2802\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2007/dsa-1315\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471065/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24417\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34818\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3215\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-06-14T22:30:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.\"},{\"lang\":\"es\",\"value\":\"PHPMailer 1.7, cuando est\u00e1 configurado para utilizar sendmail, permite a atacantes remotos ejecutar comandos del int\u00e9rprete de comandos (shell) a trav\u00e9s de los metacaracter\u00e9s del int\u00e9rprete de comandos en la funci\u00f3n SendmailSend en class.phpmailer.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmailer:phpmailer:1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65A453FF-9AC7-4A84-B1FA-735B38ABEC1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmailer:phpmailer:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3611829-7CF3-43B1-A8AC-979124BE9C79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmailer:phpmailer:1.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D5FB20E-ADCB-4F79-842A-40E692D384C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmailer:phpmailer:1.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BFE740D-FAD1-4A16-8F49-4FF2BE69C21C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmailer:phpmailer:1.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF4FD90-8B03-4056-9CCD-1F587A163A38\"}]}]}],\"references\":[{\"url\":\"http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37206\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/76139\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2011/Oct/223\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25626\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25755\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25758\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/2802\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1315\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471065/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24417\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2161\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2267\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34818\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/37206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/76139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2011/Oct/223\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25626\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/2802\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1315\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471065/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"Successful exploitation requires that the PHP script using PHPMailer is configured to send e-mails with the Sendmail method, and that the script does not sanitise data before storing it in the Sender property.\\r\\n\"}}"
  }
}

CERTA-2007-AVI-274

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans la bibliothèque PHPMailer permet l'exécution de code arbitraire à distance.

Description

La librairie PHPMailer permet d'envoyer des courriers électroniques depuis une application PHP. Lorsqu'elle est configurée pour utiliser la commande sendmail, une vulnérabilité au niveau de la validation des champs saisis permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les applications utilisant la bibliothèque PHPMailer 1.7 configurée pour utiliser sendmail.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Debian 1315 du 19 juin 2007	None	vendor-advisory
Bulletin de sécurité Debian DSA 1315 du 20 juin 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes applications utilisant la  biblioth\u00e8que \u003cSPAN class=\"textit\"\u003ePHPMailer\u003c/SPAN\u003e 1.7 configur\u00e9e  pour utiliser \u003cSPAN class=\"textit\"\u003esendmail\u003c/SPAN\u003e.\u003c/p\u003e",
  "content": "## Description\n\nLa librairie PHPMailer permet d\u0027envoyer des courriers \u00e9lectroniques\ndepuis une application PHP. Lorsqu\u0027elle est configur\u00e9e pour utiliser la\ncommande sendmail, une vuln\u00e9rabilit\u00e9 au niveau de la validation des\nchamps saisis permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3215"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1315 du 20 juin 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1315"
    }
  ],
  "reference": "CERTA-2007-AVI-274",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans la biblioth\u00e8que \u003cspan\nclass=\"textit\"\u003ePHPMailer\u003c/span\u003e permet l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans PHPMailer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian 1315 du 19 juin 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-566

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le gestionnaire de contenus Mambo. L'exploitation de ces dernières par le biais de pages web spécialement construites peut conduire à l'exécution de code arbitraire sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le gestionnaire de contenus Mambo. L'une d'elles est similaire à celle mentionnée dans l'avis CERTA-2007-AVI-274 concernant PHPMailer. D'autres sont des vulnérabilités permettant d'effectuer des injections indirectes de code (XSS).

L'exploitation de plusieurs de ces vulnérabilités par le biais de pages web spécialement construites peut conduire à l'exécution de code arbitraire sur le système vulnérable.

Solution

Se référer à la mise à jour du projet Mambo pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	les versions de Mambo antérieures à 4.6.3.

References

Title

Publication Time

Tags

Annonce de la publication Mambo version 4.6.3 du 24 décembre 2007	None	vendor-advisory
Site officiel du projet Mambo, et annonce de la version 4.6.3 du 24 décembre 2007 :	-	other
Document du CERTA CERTA-2007-AVI-274 du 20 juin 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les versions de Mambo ant\u00e9rieures \u00e0 4.6.3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le gestionnaire de\ncontenus Mambo. L\u0027une d\u0027elles est similaire \u00e0 celle mentionn\u00e9e dans\nl\u0027avis CERTA-2007-AVI-274 concernant PHPMailer. D\u0027autres sont des\nvuln\u00e9rabilit\u00e9s permettant d\u0027effectuer des injections indirectes de code\n(XSS).\n\nL\u0027exploitation de plusieurs de ces vuln\u00e9rabilit\u00e9s par le biais de pages\nweb sp\u00e9cialement construites peut conduire \u00e0 l\u0027ex\u00e9cution de code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer \u00e0 la mise \u00e0 jour du projet Mambo pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3215"
    }
  ],
  "links": [
    {
      "title": "Site officiel du projet Mambo, et annonce de la version    4.6.3 du 24 d\u00e9cembre 2007 :",
      "url": "http://source.mambo-foundation.org"
    },
    {
      "title": "Document du CERTA CERTA-2007-AVI-274 du 20 juin 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-274/index.html"
    }
  ],
  "reference": "CERTA-2007-AVI-566",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-12-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le gestionnaire de\ncontenus Mambo. L\u0027exploitation de ces derni\u00e8res par le biais de pages\nweb sp\u00e9cialement construites peut conduire \u00e0 l\u0027ex\u00e9cution de code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mambo",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce de la publication Mambo version 4.6.3 du 24 d\u00e9cembre 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-274

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans la bibliothèque PHPMailer permet l'exécution de code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les applications utilisant la bibliothèque PHPMailer 1.7 configurée pour utiliser sendmail.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Debian 1315 du 19 juin 2007	None	vendor-advisory
Bulletin de sécurité Debian DSA 1315 du 20 juin 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes applications utilisant la  biblioth\u00e8que \u003cSPAN class=\"textit\"\u003ePHPMailer\u003c/SPAN\u003e 1.7 configur\u00e9e  pour utiliser \u003cSPAN class=\"textit\"\u003esendmail\u003c/SPAN\u003e.\u003c/p\u003e",
  "content": "## Description\n\nLa librairie PHPMailer permet d\u0027envoyer des courriers \u00e9lectroniques\ndepuis une application PHP. Lorsqu\u0027elle est configur\u00e9e pour utiliser la\ncommande sendmail, une vuln\u00e9rabilit\u00e9 au niveau de la validation des\nchamps saisis permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3215"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1315 du 20 juin 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1315"
    }
  ],
  "reference": "CERTA-2007-AVI-274",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans la biblioth\u00e8que \u003cspan\nclass=\"textit\"\u003ePHPMailer\u003c/span\u003e permet l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans PHPMailer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian 1315 du 19 juin 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-566

Vulnerability from certfr_avis - Published: - Updated:

Description

L'exploitation de plusieurs de ces vulnérabilités par le biais de pages web spécialement construites peut conduire à l'exécution de code arbitraire sur le système vulnérable.

Solution

Se référer à la mise à jour du projet Mambo pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	les versions de Mambo antérieures à 4.6.3.

References

Title

Publication Time

Tags

Annonce de la publication Mambo version 4.6.3 du 24 décembre 2007	None	vendor-advisory
Site officiel du projet Mambo, et annonce de la version 4.6.3 du 24 décembre 2007 :	-	other
Document du CERTA CERTA-2007-AVI-274 du 20 juin 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les versions de Mambo ant\u00e9rieures \u00e0 4.6.3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le gestionnaire de\ncontenus Mambo. L\u0027une d\u0027elles est similaire \u00e0 celle mentionn\u00e9e dans\nl\u0027avis CERTA-2007-AVI-274 concernant PHPMailer. D\u0027autres sont des\nvuln\u00e9rabilit\u00e9s permettant d\u0027effectuer des injections indirectes de code\n(XSS).\n\nL\u0027exploitation de plusieurs de ces vuln\u00e9rabilit\u00e9s par le biais de pages\nweb sp\u00e9cialement construites peut conduire \u00e0 l\u0027ex\u00e9cution de code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer \u00e0 la mise \u00e0 jour du projet Mambo pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3215"
    }
  ],
  "links": [
    {
      "title": "Site officiel du projet Mambo, et annonce de la version    4.6.3 du 24 d\u00e9cembre 2007 :",
      "url": "http://source.mambo-foundation.org"
    },
    {
      "title": "Document du CERTA CERTA-2007-AVI-274 du 20 juin 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-274/index.html"
    }
  ],
  "reference": "CERTA-2007-AVI-566",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-12-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le gestionnaire de\ncontenus Mambo. L\u0027exploitation de ces derni\u00e8res par le biais de pages\nweb sp\u00e9cialement construites peut conduire \u00e0 l\u0027ex\u00e9cution de code\narbitraire sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mambo",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce de la publication Mambo version 4.6.3 du 24 d\u00e9cembre 2007",
      "url": null
    }
  ]
}

FKIE_CVE-2007-3215

Vulnerability from fkie_nvd - Published: 2007-06-14 22:30 - Updated: 2026-04-23 00:35

Severity

Summary

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

References

URL	Tags
cve@mitre.org	http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
cve@mitre.org	http://osvdb.org/37206
cve@mitre.org	http://osvdb.org/76139
cve@mitre.org	http://seclists.org/fulldisclosure/2011/Oct/223
cve@mitre.org	http://secunia.com/advisories/25626	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/25755
cve@mitre.org	http://secunia.com/advisories/25758
cve@mitre.org	http://securityreason.com/securityalert/2802
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374
cve@mitre.org	http://www.debian.org/security/2007/dsa-1315
cve@mitre.org	http://www.securityfocus.com/archive/1/471065/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/24417
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2161
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2267
cve@mitre.org	http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34818
cve@mitre.org	https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707
af854a3a-2127-422b-91ae-364da2661108	http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37206
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/76139
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2011/Oct/223
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25626	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25755
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25758
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2802
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1315
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471065/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24417
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2161
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2267
af854a3a-2127-422b-91ae-364da2661108	http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34818
af854a3a-2127-422b-91ae-364da2661108	https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707

Impacted products

Vendor	Product	Version
phpmailer	phpmailer	1.7
phpmailer	phpmailer	1.7.1
phpmailer	phpmailer	1.7.2
phpmailer	phpmailer	1.7.3
phpmailer	phpmailer	1.73

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmailer:phpmailer:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A453FF-9AC7-4A84-B1FA-735B38ABEC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmailer:phpmailer:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3611829-7CF3-43B1-A8AC-979124BE9C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmailer:phpmailer:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D5FB20E-ADCB-4F79-842A-40E692D384C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmailer:phpmailer:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BFE740D-FAD1-4A16-8F49-4FF2BE69C21C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmailer:phpmailer:1.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF4FD90-8B03-4056-9CCD-1F587A163A38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php."
    },
    {
      "lang": "es",
      "value": "PHPMailer 1.7, cuando est\u00e1 configurado para utilizar sendmail, permite a atacantes remotos ejecutar comandos del int\u00e9rprete de comandos (shell) a trav\u00e9s de los metacaracter\u00e9s del int\u00e9rprete de comandos en la funci\u00f3n SendmailSend en class.phpmailer.php."
    }
  ],
  "evaluatorImpact": "Successful exploitation requires that the PHP script using PHPMailer is configured to send e-mails with the Sendmail method, and that the script does not sanitise data before storing it in the Sender property.\r\n",
  "id": "CVE-2007-3215",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-06-14T22:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37206"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/76139"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2011/Oct/223"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25626"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25755"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25758"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2802"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1315"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24417"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2161"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2267"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/76139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2011/Oct/223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6H78-85V2-MMCH

Vulnerability from github – Published: 2024-02-02 20:43 – Updated: 2024-02-02 20:43

Summary

PHPMailer Shell command injection

Details

PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

Impact

Shell command injection, remotely exploitable if host application does not filter user data appropriately.

Patches

Fixed in 1.7.4

Workarounds

Filter and validate user-supplied data before putting in the into the Sender property.

References

https://nvd.nist.gov/vuln/detail/CVE-2007-3215

For more information

If you have any questions or comments about this advisory: * Open a private issue in the PHPMailer project

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpmailer/phpmailer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2007-3215"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-02T20:43:55Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in `class.phpmailer.php`.\n\n### Impact\nShell command injection, remotely exploitable if host application does not filter user data appropriately.\n\n### Patches\nFixed in 1.7.4\n\n### Workarounds\nFilter and validate user-supplied data before putting in the into the `Sender` property.\n\n### References\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-3215\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)",
  "id": "GHSA-6h78-85v2-mmch",
  "modified": "2024-02-02T20:43:55Z",
  "published": "2024-02-02T20:43:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-6h78-85v2-mmch"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2007060063"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PHPMailer/PHPMailer"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2011/Oct/223"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/phpmailer/bugs/192"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution"
    },
    {
      "type": "WEB",
      "url": "https://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "PHPMailer Shell command injection"
}

GSD-2007-3215

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

Aliases

CVE-2007-3215

Aliases

CVE-2007-3215

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3215",
    "description": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.",
    "id": "GSD-2007-3215",
    "references": [
      "https://www.debian.org/security/2007/dsa-1315"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3215"
      ],
      "details": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.",
      "id": "GSD-2007-3215",
      "modified": "2023-12-13T01:21:42.446889Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3215",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20070611 PHPMailer command execution",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"
          },
          {
            "name": "DSA-1315",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1315"
          },
          {
            "name": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374",
            "refsource": "CONFIRM",
            "url": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374"
          },
          {
            "name": "phpmailer-popen-command-execution(34818)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
          },
          {
            "name": "25755",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25755"
          },
          {
            "name": "2802",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2802"
          },
          {
            "name": "76139",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/76139"
          },
          {
            "name": "24417",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24417"
          },
          {
            "name": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707",
            "refsource": "MISC",
            "url": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707"
          },
          {
            "name": "37206",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37206"
          },
          {
            "name": "ADV-2007-2267",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2267"
          },
          {
            "name": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/",
            "refsource": "MISC",
            "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"
          },
          {
            "name": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce",
            "refsource": "MISC",
            "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
          },
          {
            "name": "25626",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25626"
          },
          {
            "name": "25758",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25758"
          },
          {
            "name": "ADV-2007-2161",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2161"
          },
          {
            "name": "20111005 vTiger CRM 5.2.x \u003c= Remote Code Execution Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2011/Oct/223"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpmailer:phpmailer:1.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmailer:phpmailer:1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmailer:phpmailer:1.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmailer:phpmailer:1.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmailer:phpmailer:1.73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3215"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"
            },
            {
              "name": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707",
              "refsource": "MISC",
              "tags": [],
              "url": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707"
            },
            {
              "name": "24417",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24417"
            },
            {
              "name": "25626",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25626"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374"
            },
            {
              "name": "DSA-1315",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2007/dsa-1315"
            },
            {
              "name": "25755",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25755"
            },
            {
              "name": "25758",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25758"
            },
            {
              "name": "2802",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/2802"
            },
            {
              "name": "ADV-2007-2161",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2161"
            },
            {
              "name": "ADV-2007-2267",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2267"
            },
            {
              "name": "20111005 vTiger CRM 5.2.x \u003c= Remote Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2011/Oct/223"
            },
            {
              "name": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce",
              "refsource": "MISC",
              "tags": [],
              "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
            },
            {
              "name": "76139",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/76139"
            },
            {
              "name": "37206",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37206"
            },
            {
              "name": "phpmailer-popen-command-execution(34818)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
            },
            {
              "name": "20070611 PHPMailer command execution",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-16T16:47Z",
      "publishedDate": "2007-06-14T22:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3215 (GCVE-0-2007-3215)

CERTA-2007-AVI-274

Description

Solution

CERTA-2007-AVI-566

Description

Solution

CERTA-2007-AVI-274

Description

Solution

CERTA-2007-AVI-566

Description

Solution

FKIE_CVE-2007-3215

GHSA-6H78-85V2-MMCH

Impact

Patches

Workarounds

References

For more information

GSD-2007-3215

Tags

Sightings

Nomenclature