Описание
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | not-affected | 5.1-1+deb6u11build0.12.04.1 |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | released | 5.1 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
The setFrom function in the Sendmail adapter in the zend-mail componen ...
zend-mail remote code execution via Sendmail adapter
7.5 High
CVSS2
9.8 Critical
CVSS3