Описание
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
Ссылки
- ExploitThird Party Advisory
- ExploitMailing List
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- ExploitTechnical DescriptionThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitMailing List
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- ExploitTechnical DescriptionThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2