The setFrom function in the Sendmail adapter in the zend-mail component prior to 2.4.11, 2.5.x, 2.6.x, and 2.7.x prior to 2.7.2, and Zend Framework prior to 2.4.11 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
Vulnerable Product |
---|
zend zend framework |
zend zend-mail 2.6.2 |
zend zend-mail 2.7.0 |
zend zend-mail 2.7.1 |
zend zend-mail 2.5.0 |
zend zend-mail |
zend zend-mail 2.6.0 |
zend zend-mail 2.6.1 |
zend zend-mail 2.5.1 |
zend zend-mail 2.5.2 |