CVE-2007-3215

Published: 14/06/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

PHPMailer 1.7, when configured to use sendmail, allows remote malicious users to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

Vulnerable Product

phpmailer phpmailer 1.7.2

phpmailer phpmailer 1.7

phpmailer phpmailer 1.7.1

phpmailer phpmailer 1.7.3

phpmailer phpmailer 1.73

Vendor Advisories

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user (CVE-2007-3215) ...
Debian Bug report logs - #429204 [CVE-2007-3163, CVE-2006-6978 etc] FCKEditor issues Package: knowledgeroot; Maintainer for knowledgeroot is (unknown); Reported by: Florian Weimer <fw@deneb.enyo.de> Date: Sat, 16 Jun 2007 10:03:06 UTC Severity: grave Tags: security Fixed in version knowledgeroot/0982-2 Done: Frank Ha ...
Debian Bug report logs - #429179 CVE-2007-3215: remote shell command execution Package: libphp-phpmailer; Maintainer for libphp-phpmailer is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>; Source for libphp-phpmailer is src:libphp-phpmailer (PTS, buildd, popcon) Reported by: Florian Weimer <fw@deneben ...
Debian Bug report logs - #428073 [CVE-2007-3140] remote SQL injection vulnerability in xmlrpc.php Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritsch.de> Date: Fri, 8 Jun 2007 16:45:01 UT ...