CVE-2007-3215 — Phpmailer vulnerability

8 documents5 sources

Severity

6.8MEDIUMNVD

GHSA7.5OSV7.5

EPSS

4.4%

top 10.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Phpmailer Debian Libphp-phpmailer +1 more

Timeline

PublishedJun 14

Latest updateFeb 2

Description

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages5 packages

▶Packagistphpmailer/phpmailer< 5.2.0+1

▶debiandebian/libphp-phpmailer< libphp-phpmailer 1.73-4 (bookworm)

▶NVDphpmailer/phpmailer5 versions+4

▶debiandebian/wordpress< libphp-phpmailer 1.73-4 (bookworm)

▶Debianwordpress/wordpress< 2.2.1-1+3

🔴Vulnerability Details

GHSA

PHPMailer Local file inclusion↗2024-02-02

▶

GHSA

PHPMailer Shell command injection↗2024-02-02

▶

OSV

PHPMailer Local file inclusion↗2024-02-02

▶

OSV

PHPMailer Shell command injection↗2024-02-02

▶

OSV

CVE-2007-3215: PHPMailer 1↗2007-06-14

▶

📋Vendor Advisories

Ubuntu

Moodle vulnerabilities↗2009-06-24

▶

Debian

CVE-2007-3215: libphp-phpmailer - PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execu...↗2007

▶