Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2007-3215

Description

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

POC

Reference

- http://seclists.org/fulldisclosure/2011/Oct/223

- http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce

Github

No PoCs found on GitHub currently.