CVE-2007-3215

Description

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

How to fix CVE-2007-3215

To remediate CVE-2007-3215, upgrade the affected package to a fixed version below.

• Debian/libphp-phpmailer—upgrade to 1.73-4 or later
• Debian/libphp-phpmailer—upgrade to 1.73-2etch1 or later
• Debian/wordpress—upgrade to 2.2.1-1 or later
• Packagist/phpmailer/phpmailer—upgrade to 1.7.4 or later

Is CVE-2007-3215 being exploited?

Low — EPSS is 4.4%, meaning exploitation activity has not been observed at scale.

Affected packages (4)

• from 0, < 1.73-4
• from 0, < 1.73-2etch1
• from 0, < 2.2.1-1
• from 0, < 1.7.4

References (9)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-3215
• PATCHgithub.com/PHPMailer/PHPMailer
• WEBcxsecurity.com/issue/WLB-2007060063
• WEBexchange.xforce.ibmcloud.com/vulnerabilities/34818
• WEB