|
Description: | | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. |
|
Impact: | | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. |
|
Affected OS: | | FreeBSD, Linux, Windows, Mac OS, Other Unix, Others |
|
Reference: | | SecurityFocusBID:95108 SecurityTrackerID:1037533 ExploitDB:40968 ExploitDB:40970
|
|