PT-2007-4494 · Php · Phpmailer

Published: 2007-06-14 · Updated: 2024-02-02 · CVE-2007-3215

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PHPMailer versions 1.7 through 1.7.3; PHPMailer versions prior to 1.7.4
Description: The issue allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. This is a shell command injection issue that is remotely exploitable if the host application does not filter user data appropriately.
Recommendations: Update PHPMailer to version 1.7.4 to resolve the issue; this applies to versions 1.7 through 1.7.3 and to versions prior to 1.7.4. As a temporary workaround, filter and validate user-supplied data before putting it into the Sender property.
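
One way to apply the temporary workaround in the host application, as an added example (not PHPMailer code and not the 1.7.4 fix). The helper name `safe_envelope_sender()`, its allowlist and the sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of PHPMailer): returns the address if it is
 * acceptable as an envelope sender, or null if it must be rejected.
 */
function safe_envelope_sender(string $candidate): ?string
{
    // Refuse empty input and anything longer than a plausible address.
    if ($candidate === '' || strlen($candidate) > 254) {
        return null;
    }
    // Syntactic check. Not sufficient alone: RFC 5322 local parts may
    // legally contain characters such as | & $ ` that a shell interprets.
    if (filter_var($candidate, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Strict allowlist: first character alphanumeric (never "-"), then only
    // letters, digits, ".", "_", "+", "-" around a single "@".
    // \A and \z anchor the whole string, so a trailing newline cannot pass.
    $allow = '/\A[A-Za-z0-9][A-Za-z0-9._+-]*@[A-Za-z0-9][A-Za-z0-9.-]*\z/';
    return preg_match($allow, $candidate) === 1 ? $candidate : null;
}

// Constructed sample inputs, not taken from the advisory.
$samples = [
    'bounce@example.org',      // accepted
    'user|name@example.org',   // rejected: "|" is not on the allowlist
    "bounce@example.org\n",    // rejected: trailing newline
    '-bounce@example.org',     // rejected: leading "-"
];

foreach ($samples as $s) {
    $ok = safe_envelope_sender($s);
    printf("%-28s => %s\n", json_encode($s), $ok === null ? 'rejected' : 'accepted');
}

// In the host application, assign only an accepted value:
//   $sender = safe_envelope_sender($userInput);
//   if ($sender !== null) { $mail->Sender = $sender; }
```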

Related Identifiers

CVE-2007-3215
DSA-1315-1
GHSA-6H78-85V2-MMCH

Affected Products

Phpmailer