The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
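The following PHP snippet is an added illustration and is not Swift Mailer's own code. In affected versions the mail transport concatenated the message's reverse path (the From, Return-Path or Sender address) into a `-f<address>` string and passed it to PHP's `mail()` as the additional parameters, so the `\"` trick lets the rest of the address become further sendmail options. The `safe_extra_params()` check below is a hypothetical hardening written for this example, and the crafted address is a constructed sample, not a captured one.

```php
<?php
// Added example (not Swift Mailer's code): how a crafted reverse path
// becomes extra sendmail options, and one defensive check against it.

// Affected versions built the additional parameters for mail() by
// concatenating the reverse path straight after "-f".
function vulnerable_extra_params(string $reversePath): string
{
    return '-f' . $reversePath;
}

// Hypothetical hardening: refuse any reverse path that could introduce
// whitespace, quotes or backslashes into the sendmail command line, and
// require a syntactically valid address before it reaches mail().
// Returns null when the address is rejected.
function safe_extra_params(string $reversePath): ?string
{
    if (preg_match('/[\s"\'\\\\]/', $reversePath)) {
        return null;
    }
    if (filter_var($reversePath, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return '-f' . $reversePath;
}

// Constructed sample of the crafted address shape described above: the
// \" keeps a quoted local part syntactically plausible, while the text
// between the quotes is seen by sendmail as additional options.
$crafted = '"attacker\" -oQ/tmp/ -X/var/www/cache/phpcode.php "@example.com';
$benign  = 'alice@example.com';

printf("vulnerable: %s\n", vulnerable_extra_params($crafted));
var_dump(safe_extra_params($crafted));
var_dump(safe_extra_params($benign));
```

Run it with the PHP CLI: the vulnerable builder emits the `-oQ` and `-X` options verbatim inside the `-f` argument, while the hardened builder returns null for the crafted address and `-falice@example.com` for the benign one. The real fix in 5.4.5 is the project's own change; this check only shows the class of input that must never reach the command line.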
Vulnerable Product |
---|
swiftmailer swiftmailer |
Borked patch opens remote code execution on web servers
Websites using PHPMailer for forms are at risk from a critical-rated remote code execution zero day bug. Legal Hackers researcher Dawid Golunski found the vulnerability (CVE-2016-10074) in the much-used library, found in the world's most popular content management systems and addons. The bug also affects the Zend Mailer and SwiftMailer. A patch was issued for the vulnerability but it can be bypassed, Golunski says, reopening the avenue for attack. Golunski created a limited proof-of-concept exp...