[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] PHPMailer command execution

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, websecurity@xxxxxxxxxxxxx
Subject: [Full-disclosure] PHPMailer command execution
From: Thor Larholm <seclists@xxxxxxxxxxx>
Date: Mon, 11 Jun 2007 19:46:16 +0200

PHPMailer is a widely deployed utility class used in PHP application to 
handle emails sent through sendmail, PHP mailto() or SMTP. It is used in 
PHP applications such as WordPress, Mantis, WebCalendar, Group-Office 
and Joomla. The last official release happened on July 11, 2005.

If you have configured PHPMailer to use sendmail it has a remote command 
execution vulnerability due to a lack of input validation. sendmail is 
queried through the popen function which is called with a string 
constructed from non-escaped user input.

http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/


Cheers
Thor Larholm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] SECNICHE : Dwelling Security is On the Run
Next by Date: [Full-disclosure] [ GLSA 200706-04 ] MadWifi: Multiple vulnerabilities
Previous by thread: Re: [Full-disclosure] SECNICHE : Dwelling Security is On the Run
Next by thread: [Full-disclosure] [ GLSA 200706-04 ] MadWifi: Multiple vulnerabilities
Index(es):
- Date
- Thread