Name of the Vulnerable Software and Affected Versions zend-mail (affected versions not specified)

Description The issue allows a malicious user to inject arbitrary parameters to the system sendmail program when using the ZendMailTransportSendmail transport to send email. This is achieved by providing additional quote characters within an address, which can be interpreted as additional command line arguments if not properly sanitized.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.