CVE-2007-3215: PHPMailer Shell command injection
CVSS Score: 6.8

Basic Information

CVE ID: CVE-2007-3215
GHSA ID:
EPSS Score: 0.85662%
CWE: -
Published: 2/2/2024
Updated: 2/2/2024
KEV Status: No
Technology: PHP
Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpmailer/phpmailer | composer | < 1.7.4 | 1.7.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability lies in the SendmailSend function, where the user-controlled Sender property is interpolated directly into a shell command string without escaping. Multiple sources (the CVE description, the PHPMailer advisory, and the vTiger exploit analysis) show the same vulnerable code pattern: 'sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender)', with neither escapeshellarg nor escapeshellcmd applied. When the sendmail transport is used, shell metacharacters in the Sender value therefore become part of the command line, allowing an attacker who controls that value to inject commands.
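To make the root cause concrete, the following is an added illustration (not PHPMailer's own code) of the unsafe command-construction pattern described above beside a hardened version. The function names, the sendmail path and the sample Sender values are constructed for the example.

```php
<?php
// Added illustration, not PHPMailer's code: the unsafe pattern from the
// root cause analysis next to a hardened equivalent. Function names, the
// sendmail path and the sample Sender values are constructed for this demo.

// Unsafe: the Sender value is interpolated verbatim, so any shell
// metacharacters it contains are interpreted by the shell.
function buildSendmailCommandUnsafe(string $sendmailPath, string $sender): string
{
    return sprintf('%s -oi -f %s -t', $sendmailPath, $sender);
}

// Hardened: reject anything that is not a syntactically valid address
// (defense in depth), then quote the value so the shell sees one literal
// argument, and neutralise metacharacters in the command path itself.
function buildSendmailCommandSafe(string $sendmailPath, string $sender): string
{
    if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Sender is not a valid email address');
    }
    return sprintf(
        '%s -oi -f %s -t',
        escapeshellcmd($sendmailPath),
        escapeshellarg($sender)
    );
}

$sendmail = '/usr/sbin/sendmail';                 // constructed sample path
$benign   = 'alice@example.com';                  // constructed sample
$tainted  = 'alice@example.com; echo injected';   // constructed sample with a metacharacter

echo buildSendmailCommandUnsafe($sendmail, $benign), PHP_EOL;
// The ";" terminates the sendmail invocation and starts a second command:
echo buildSendmailCommandUnsafe($sendmail, $tainted), PHP_EOL;

echo buildSendmailCommandSafe($sendmail, $benign), PHP_EOL;
try {
    buildSendmailCommandSafe($sendmail, $tainted);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Even without the validation step, escapeshellarg alone would wrap the tainted value in single quotes so the shell passes it through as a single argument to sendmail; the address check is there so that malformed input is refused outright rather than handed to the MTA. Note that escapeshellarg's quoting rules differ on Windows, so this hardened form should be tested on the platform where the mailer is actually deployed.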