PHPMailer Remote Shell Command Execution Vulnerability

TITLE: PHPMailer Remote Shell Command Execution Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 11 2007 12:00AM
UPDATE: Jun 19 2007 06:39PM
CREDIT: Thor Larholm is credited with discovering this issue.
VULNERABLE:

PHPMailer PHPMailer 1.7.3
PHPMailer PHPMailer 1.7.2
PHPMailer PHPMailer 1.7.1
PHPMailer PHPMailer 1.7
PHPMailer PHPMailer 1.73
+ GLPI GLPI 0.68.3
+ GLPI GLPI 0.68.3
+ GLPI GLPI 0.68.2
+ GLPI GLPI 0.68.2

NOT VULNERABLE:

Vai alla pagina originale su Security Focus

Discussion

PHPMailer is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

This issue affects PHPMailer when configured to use sendmail.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application using the affected class utility.

PHPMailer 1.73 and prior versions are vulnerable to this issue.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

Solution

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or
if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

References

References:

• PHPMailer 0day remote execution (Thor Larholm)
  
• Announcements: GLPI 0.68.3-2 bug fixes (GLPI)
  
• PHPMailer Home Page (PHPMailer)
  
• PHPMailer command execution (Thor Larhom)
  
• [ 1734811 ] popen command execution (Thor Larholm - larholm)
  
• GPLI Homepage (GPLI)
  

PhpLog