Vulnerability Details: CVE-2007-3215
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Products affected by CVE-2007-3215
- cpe:2.3:a:phpmailer:phpmailer:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmailer:phpmailer:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpmailer:phpmailer:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmailer:phpmailer:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpmailer:phpmailer:1.73:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3215
- EPSS score: 2.86% (probability of exploitation activity in the next 30 days)
- Percentile: ~85% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-3215
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
References for CVE-2007-3215
- http://osvdb.org/76139
- http://www.vupen.com/english/advisories/2007/2267
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34818 (PHPMailer class.phpmailer.php SendmailSend command execution CVE-2007-3215 Vulnerability Report)
- http://www.vupen.com/english/advisories/2007/2161
- http://www.securityfocus.com/archive/1/471065/100/0/threaded
- http://www.securityfocus.com/bid/24417
- http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374 (Knowledgeroot Knowledgebase download | SourceForge.net)
- http://securityreason.com/securityalert/2802 (PHPMailer command execution - CXSecurity.com)
- https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707 (PHPMailer / Bugs / #192 popen command execution)
- http://secunia.com/advisories/25626 (About Secunia Research | Flexera; Vendor Advisory)
- http://seclists.org/fulldisclosure/2011/Oct/223 (Full Disclosure: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability)
- http://osvdb.org/37206
- http://www.debian.org/security/2007/dsa-1315 ([SECURITY] [DSA 1315-1] New libphp-phpmailer packages fix arbitrary shell command execution)
- http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
- http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/ (larholm.com)
- http://secunia.com/advisories/25758 (About Secunia Research | Flexera)
- http://secunia.com/advisories/25755 (About Secunia Research | Flexera)