CVE-2007-3215
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
PHPMailer 1.7, cuando está configurado para utilizar sendmail, permite a atacantes remotos ejecutar comandos del intérprete de comandos (shell) a través de los metacaracterés del intérprete de comandos en la función SendmailSend en class.phpmailer.php.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-06-14 CVE Reserved
- 2007-06-14 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://larholm.com/2007/06/11/phpmailer-0day-remote-execution | X_refsource_misc | |
| http://osvdb.org/37206 | Vdb Entry | |
| http://osvdb.org/76139 | Vdb Entry | |
| http://seclists.org/fulldisclosure/2011/Oct/223 | Mailing List |
|
| http://secunia.com/advisories/25755 | Third Party Advisory | |
| http://secunia.com/advisories/25758 | Third Party Advisory | |
| http://securityreason.com/securityalert/2802 | Third Party Advisory | |
| http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/471065/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/24417 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/2161 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/2267 | Vdb Entry | |
| http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34818 | Vdb Entry | |
| https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25626 | 2018-10-16 | |
| http://www.debian.org/security/2007/dsa-1315 | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phpmailer Search vendor "Phpmailer" | Phpmailer Search vendor "Phpmailer" for product "Phpmailer" | 1.7 Search vendor "Phpmailer" for product "Phpmailer" and version "1.7" | - |
Affected
| ||||||
| Phpmailer Search vendor "Phpmailer" | Phpmailer Search vendor "Phpmailer" for product "Phpmailer" | 1.7.1 Search vendor "Phpmailer" for product "Phpmailer" and version "1.7.1" | - |
Affected
| ||||||
| Phpmailer Search vendor "Phpmailer" | Phpmailer Search vendor "Phpmailer" for product "Phpmailer" | 1.7.2 Search vendor "Phpmailer" for product "Phpmailer" and version "1.7.2" | - |
Affected
| ||||||
| Phpmailer Search vendor "Phpmailer" | Phpmailer Search vendor "Phpmailer" for product "Phpmailer" | 1.7.3 Search vendor "Phpmailer" for product "Phpmailer" and version "1.7.3" | - |
Affected
| ||||||
| Phpmailer Search vendor "Phpmailer" | Phpmailer Search vendor "Phpmailer" for product "Phpmailer" | 1.73 Search vendor "Phpmailer" for product "Phpmailer" and version "1.73" | - |
Affected
| ||||||