|
| Description: | | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. |
|
| Impact: | | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. |
|
| Affected OS: | | FreeBSD, Linux, Windows, Mac OS, Other Unix, Others |
|
| Reference: | | SecurityFocusBID:95108
SecurityTrackerID:1037533
ExploitDB:40968
ExploitDB:40970
|
|