PT-2017-14237 · Ez Systems · Zeta Components Mail

Kay

Publicado

2017-11-15

Atualizado

2022-05-17

CVE-2017-15806

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zeta Components Mail versions prior to 1.8.2

Description The issue is related to the send function in the ezcMailMtaTransport class, which does not properly restrict the set of characters used in the ezcMail returnPath property. This might allow remote attackers to execute arbitrary code via a crafted email address.

Recommendations For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2017-15806

GHSA-HGR8-G756-VMG9

Produtos afetados

Zeta Components Mail

PT-2017-14237 · Ez Systems · Zeta Components Mail

CVE-2017-15806

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11