Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libphp-phpmailer@1.73-4?distro=trixie
purl pkg:deb/debian/libphp-phpmailer@1.73-4?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-k96h-dr15-ufhv PHPMailer Shell command injection PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in `class.phpmailer.php`. ### Impact Shell command injection, remotely exploitable if host application does not filter user data appropriately. ### Patches Fixed in 1.7.4 ### Workarounds Filter and validate user-supplied data before putting in the into the `Sender` property. ### References https://nvd.nist.gov/vuln/detail/CVE-2007-3215 ### For more information If you have any questions or comments about this advisory: * Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer) CVE-2007-3215
GHSA-6h78-85v2-mmch

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T09:28:06.205684+00:00 Debian Importer Fixing VCID-k96h-dr15-ufhv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-11T18:18:51.512251+00:00 Debian Importer Fixing VCID-k96h-dr15-ufhv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:29:13.482057+00:00 Debian Importer Fixing VCID-k96h-dr15-ufhv https://security-tracker.debian.org/tracker/data/json 38.1.0