CVE-2007-3215 - Vulnerability Details - OpenCVE

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpmailer	Phpmailer

Configuration 1 [-]

OR	cpe:2.3:a:phpmailer:phpmailer:1.7:::::::*
	cpe:2.3:a:phpmailer:phpmailer:1.7.1:::::::*
	cpe:2.3:a:phpmailer:phpmailer:1.7.2:::::::*
	cpe:2.3:a:phpmailer:phpmailer:1.7.3:::::::*
	cpe:2.3:a:phpmailer:phpmailer:1.73:::::::*

No data.

References

Link	Providers
http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
http://osvdb.org/37206
http://osvdb.org/76139
http://seclists.org/fulldisclosure/2011/Oct/223
http://secunia.com/advisories/25626
http://secunia.com/advisories/25755
http://secunia.com/advisories/25758
http://securityreason.com/securityalert/2802
http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374
http://www.debian.org/security/2007/dsa-1315
http://www.securityfocus.com/archive/1/471065/100/0/threaded
http://www.securityfocus.com/bid/24417
http://www.vupen.com/english/advisories/2007/2161
http://www.vupen.com/english/advisories/2007/2267
http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
https://exchange.xforce.ibmcloud.com/vulnerabilities/34818
https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-14T22:00:00

Updated: 2024-08-07T14:05:29.463Z

Reserved: 2007-06-14T00:00:00

Link: CVE-2007-3215

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-06-14T22:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3215

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-11T00:00:00", "descriptions": [{"lang": "en", "value": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070611 PHPMailer command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"}, {"name": "DSA-1315", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1315"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374"}, {"name": "phpmailer-popen-command-execution(34818)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"}, {"name": "25755", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25755"}, {"name": "2802", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2802"}, {"name": "76139", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/76139"}, {"name": "24417", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24417"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707"}, {"name": "37206", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37206"}, {"name": "ADV-2007-2267", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2267"}, {"tags": ["x_refsource_MISC"], "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"}, {"tags": ["x_refsource_MISC"], "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"}, {"name": "25626", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25626"}, {"name": "25758", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25758"}, {"name": "ADV-2007-2161", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2161"}, {"name": "20111005 vTiger CRM 5.2.x <= Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2011/Oct/223"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3215", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070611 PHPMailer command execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"}, {"name": "DSA-1315", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1315"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374"}, {"name": "phpmailer-popen-command-execution(34818)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"}, {"name": "25755", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25755"}, {"name": "2802", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2802"}, {"name": "76139", "refsource": "OSVDB", "url": "http://osvdb.org/76139"}, {"name": "24417", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24417"}, {"name": "https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707", "refsource": "MISC", "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707"}, {"name": "37206", "refsource": "OSVDB", "url": "http://osvdb.org/37206"}, {"name": "ADV-2007-2267", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2267"}, {"name": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/", "refsource": "MISC", "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"}, {"name": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce", "refsource": "MISC", "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"}, {"name": "25626", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25626"}, {"name": "25758", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25758"}, {"name": "ADV-2007-2161", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2161"}, {"name": "20111005 vTiger CRM 5.2.x <= Remote Code Execution Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2011/Oct/223"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:05:29.463Z"}, "title": "CVE Program Container", "references": [{"name": "20070611 PHPMailer command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"}, {"name": "DSA-1315", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1315"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374"}, {"name": "phpmailer-popen-command-execution(34818)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"}, {"name": "25755", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25755"}, {"name": "2802", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2802"}, {"name": "76139", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/76139"}, {"name": "24417", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24417"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707"}, {"name": "37206", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37206"}, {"name": "ADV-2007-2267", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2267"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"}, {"name": "25626", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25626"}, {"name": "25758", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25758"}, {"name": "ADV-2007-2161", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2161"}, {"name": "20111005 vTiger CRM 5.2.x <= Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2011/Oct/223"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3215", "datePublished": "2007-06-14T22:00:00", "dateReserved": "2007-06-14T00:00:00", "dateUpdated": "2024-08-07T14:05:29.463Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmailer:phpmailer:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "65A453FF-9AC7-4A84-B1FA-735B38ABEC1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmailer:phpmailer:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3611829-7CF3-43B1-A8AC-979124BE9C79", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmailer:phpmailer:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "7D5FB20E-ADCB-4F79-842A-40E692D384C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmailer:phpmailer:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "6BFE740D-FAD1-4A16-8F49-4FF2BE69C21C", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmailer:phpmailer:1.73:*:*:*:*:*:*:*", "matchCriteriaId": "7BF4FD90-8B03-4056-9CCD-1F587A163A38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php."}, {"lang": "es", "value": "PHPMailer 1.7, cuando est\u00e1 configurado para utilizar sendmail, permite a atacantes remotos ejecutar comandos del int\u00e9rprete de comandos (shell) a trav\u00e9s de los metacaracter\u00e9s del int\u00e9rprete de comandos en la funci\u00f3n SendmailSend en class.phpmailer.php."}], "evaluatorImpact": "Successful exploitation requires that the PHP script using PHPMailer is configured to send e-mails with the Sendmail method, and that the script does not sanitise data before storing it in the Sender property.\r\n", "id": "CVE-2007-3215", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-14T22:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37206"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/76139"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2011/Oct/223"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25626"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25755"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25758"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2802"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1315"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24417"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2161"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2267"}, {"source": "cve@mitre.org", "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"}, {"source": "cve@mitre.org", "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37206"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/76139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2011/Oct/223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25626"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}