CVE-2017-15806 – zetacomponents/mail
Package
Manager: composer
Name: zetacomponents/mail
Vulnerable Version: >=0 <1.8.2
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.20401 (percentile 0.95325)
Details
Zeta Components Mail: Arbitrary code execution via a crafted email address
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
Metadata
Created: 2022-05-17T00:18:44Z
Modified: 2024-04-23T23:01:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hgr8-g756-vmg9/GHSA-hgr8-g756-vmg9.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-hgr8-g756-vmg9
Finding: F422
Auto approve: 1