PHPMailer command execution

2007.06.17

Credit: Thor Larholm

Risk: High

Local: No

Remote: Yes

CVE: CVE-2007-3215

CWE: CWE-Other

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

PHPMailer is a widely deployed utility class used in PHP application to 
handle emails sent through sendmail, PHP mailto() or SMTP. It is used in 
PHP applications such as WordPress, Mantis, WebCalendar, Group-Office 
and Joomla. The last official release happened on July 11, 2005.

If you have configured PHPMailer to use sendmail it has a remote command 
execution vulnerability due to a lack of input validation. sendmail is 
queried through the popen function which is called with a string 
constructed from non-escaped user input.

http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/

Cheers
Thor Larholm

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

PHPMailer command execution

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

PHPMailer command execution

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.