Required CVE Record Information
Description
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
References 6 Total
- exploit-db.com: 43155 exploit
- https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/
- https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/
- https://github.com/zetacomponents/Mail/issues/58
- https://github.com/zetacomponents/Mail/releases/tag/1.8.2
- securityfocus.com: 101866 vdb-entry