Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sendmail vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-40643
EyesOfNetwork prior to 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any com...
Eyesofnetwork Eyesofnetwork
9.8
CVSSv3
CVE-2020-7769
This affects the package nodemailer prior to 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
Nodemailer Nodemailer
9.8
CVSSv3
CVE-2020-27976
osCommerce Phoenix CE prior to 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.
Oscommerce Oscommerce
9.8
CVSSv3
CVE-2016-10131
system/libraries/Email.php in CodeIgniter prior to 3.1.3 allows remote malicious users to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.
Codeigniter Codeigniter
9.8
CVSSv3
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
9 EDB exploits
114 Github repositories
9.8
CVSSv3
CVE-2016-10034
The setFrom function in the Sendmail adapter in the zend-mail component prior to 2.4.11, 2.5.x, 2.6.x, and 2.7.x prior to 2.7.2, and Zend Framework prior to 2.4.11 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary c...
Zend Zend Framework
Zend Zend-mail 2.6.2
Zend Zend-mail 2.7.0
Zend Zend-mail 2.7.1
Zend Zend-mail 2.5.0
Zend Zend-mail
Zend Zend-mail 2.6.0
Zend Zend-mail 2.6.1
Zend Zend-mail 2.5.1
Zend Zend-mail 2.5.2
3 EDB exploits
1 Github repository
8.8
CVSSv3
CVE-2023-38193
An issue exists in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line.
Superwebmailer Superwebmailer 9.00.0.01710
8.8
CVSSv3
CVE-2017-7692
SquirrelMail 1.4.22 (and other versions prior to 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote serve...
Squirrelmail Squirrelmail 1.4.22
1 EDB exploit
7.8
CVSSv3
CVE-2022-31256
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local malicious users to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail vers...
Opensuse Factory
7.8
CVSSv3
CVE-2014-7844
BSD mailx 8.1.2 and previous versions allows remote malicious users to execute arbitrary commands via a crafted email address.
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 6.6
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.3
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Eus 7.3
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Eus 7.5
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Server Tus 6.6
Redhat Enterprise Linux Server Eus 6.6
Redhat Enterprise Linux Server Eus 7.7
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »