CVE-2007-3215 : PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execu

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

Published 2007-06-14 22:30:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-3215

Phpmailer » Phpmailer » Version: 1.7.2
cpe:2.3:a:phpmailer:phpmailer:1.7.2:*:*:*:*:*:*:*
Matching versions
Phpmailer » Phpmailer » Version: 1.7
cpe:2.3:a:phpmailer:phpmailer:1.7:*:*:*:*:*:*:*
Matching versions
Phpmailer » Phpmailer » Version: 1.7.1
cpe:2.3:a:phpmailer:phpmailer:1.7.1:*:*:*:*:*:*:*
Matching versions
Phpmailer » Phpmailer » Version: 1.7.3
cpe:2.3:a:phpmailer:phpmailer:1.7.3:*:*:*:*:*:*:*
Matching versions
Phpmailer » Phpmailer » Version: 1.73
cpe:2.3:a:phpmailer:phpmailer:1.73:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-3215

EPSS FAQ

2.86%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-3215

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2007-3215

http://osvdb.org/76139
http://www.vupen.com/english/advisories/2007/2267

Site en construction
https://exchange.xforce.ibmcloud.com/vulnerabilities/34818

PHPMailer class.phpmailer.php SendmailSend command execution CVE-2007-3215 Vulnerability Report
http://www.vupen.com/english/advisories/2007/2161

Site en construction
http://www.securityfocus.com/archive/1/471065/100/0/threaded
http://www.securityfocus.com/bid/24417
http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374

Knowledgeroot Knowledgebase download | SourceForge.net
http://securityreason.com/securityalert/2802

PHPMailer command execution - CXSecurity.com
https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707

PHPMailer / Bugs / #192 popen command execution
http://secunia.com/advisories/25626

About Secunia Research | Flexera
Vendor Advisory
http://seclists.org/fulldisclosure/2011/Oct/223

Full Disclosure: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability
http://osvdb.org/37206
http://www.debian.org/security/2007/dsa-1315

[SECURITY] [DSA 1315-1] New libphp-phpmailer packages fix arbitrary shell command execution
http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/

larholm.com
http://secunia.com/advisories/25758

About Secunia Research | Flexera
http://secunia.com/advisories/25755

About Secunia Research | Flexera

Jump to

Vulnerability Details : CVE-2007-3215

Products affected by CVE-2007-3215

Exploit prediction scoring system (EPSS) score for CVE-2007-3215

CVSS scores for CVE-2007-3215

References for CVE-2007-3215