You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Moderate severity
GitHub Reviewed
Published
Jun 7, 2024
to the GitHub Advisory Database
•
Updated Jun 7, 2024
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
When using the zend-mail component to send email via the
Zend\Mail\Transport\Sendmail transport
, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.References