6.8

CVE-2007-3215

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmailerPhpmailer Version1.7
PhpmailerPhpmailer Version1.7.1
PhpmailerPhpmailer Version1.7.2
PhpmailerPhpmailer Version1.7.3
PhpmailerPhpmailer Version1.73
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.41% 0.819
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
http://osvdb.org/37206
http://osvdb.org/76139
http://seclists.org/fulldisclosure/2011/Oct/223
http://secunia.com/advisories/25626
Vendor Advisory
http://secunia.com/advisories/25755
http://secunia.com/advisories/25758
http://securityreason.com/securityalert/2802
http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374
http://www.debian.org/security/2007/dsa-1315
http://www.securityfocus.com/archive/1/471065/100/0/threaded
http://www.securityfocus.com/bid/24417
http://www.vupen.com/english/advisories/2007/2161
http://www.vupen.com/english/advisories/2007/2267
http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
https://exchange.xforce.ibmcloud.com/vulnerabilities/34818
https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707