
PHPMailer command execution

PHPMailer is a widely deployed utility class used in PHP applications to 
handle email sent through sendmail, PHP mailto() or SMTP. It is used in 
PHP applications such as WordPress, Mantis, WebCalendar, Group-Office 
and Joomla. The last official release happened on July 11, 2005.

If you have configured PHPMailer to use sendmail, it has a remote command 
execution vulnerability due to a lack of input validation. sendmail is 
invoked through the popen function, which is called with a string 
constructed from unescaped user input.

Thor Larholm
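
The flaw class described in the advisory, shown next to a hardened form. This is an added example, not PHPMailer's code or the advisory author's. The function names, the sendmail path and the choice of a sender address as the user-controlled value are assumptions made for illustration.

```php
<?php
// Added illustration. Names are hypothetical and this is not PHPMailer's code.

// Pattern the advisory describes: the string given to popen() is assembled
// from a caller-supplied value with no escaping, so the shell parses it.
function build_command_unsafe(string $sendmailPath, string $sender): string
{
    return sprintf('%s -oi -f %s -t', $sendmailPath, $sender);
}

// Hardened form: validate the value, then quote every argument so the shell
// sees each one as a single literal word.
function build_command_safe(string $sendmailPath, string $sender): string
{
    // Syntax check only. Valid addresses may still contain characters the
    // shell treats specially, so this does not replace escapeshellarg().
    if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }
    return sprintf('%s -oi -f %s -t',
        escapeshellarg($sendmailPath),
        escapeshellarg($sender));
}

// Constructed sample inputs; nothing is executed, the strings are only printed.
$path = '/usr/sbin/sendmail';
$samples = ['user@example.com', 'user@example.com; echo INJECTED'];

foreach ($samples as $sender) {
    echo 'unsafe: ', build_command_unsafe($path, $sender), PHP_EOL;
    try {
        echo 'safe:   ', build_command_safe($path, $sender), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'safe:   rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Where the application design allows it, passing arguments as an array to proc_open() (PHP 7.4 and later) avoids the shell entirely, which removes the need for quoting.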
