The second line of the SendmailSend function in class.phpmailer.php (line 393) is vulnerable to a shell command execution vulnerability due to a lack of input validation.
If the Sender property is set by the initiating script it is possible to execute arbitrary commands.
A lot of PHP applications such as WordPress and Mantis use the PHPMailer class to send email, and is not always running with PHP safe_mode enabled.
The solution is to escape the input with the escapeshellarg() or escapeshellcmd() functions.
Log in to post a comment.