VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6tyt-xhs3-1bbg

Essentials
Severities (26)
References (15)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6tyt-xhs3-1bbg
Aliases	CVE-2007-3215 GHSA-6h78-85v2-mmch
Summary	PHPMailer Shell command injection PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in `class.phpmailer.php`. ### Impact Shell command injection, remotely exploitable if host application does not filter user data appropriately. ### Patches Fixed in 1.7.4 ### Workarounds Filter and validate user-supplied data before putting in the into the `Sender` property. ### References https://nvd.nist.gov/vuln/detail/CVE-2007-3215 ### For more information If you have any questions or comments about this advisory: * Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
epss	0.03251	https://api.first.org/data/v1/epss?cve=CVE-2007-3215
generic_textual	HIGH	https://cxsecurity.com/issue/WLB-2007060063
generic_textual	HIGH	https://exchange.xforce.ibmcloud.com/vulnerabilities/34818
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-6h78-85v2-mmch
generic_textual	HIGH	https://github.com/PHPMailer/PHPMailer
cvssv3.1_qr	HIGH	https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-6h78-85v2-mmch
generic_textual	HIGH	https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-6h78-85v2-mmch
generic_textual	HIGH	https://seclists.org/fulldisclosure/2011/Oct/223
generic_textual	HIGH	https://sourceforge.net/p/phpmailer/bugs/192
generic_textual	HIGH	https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution
generic_textual	HIGH	https://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2007-3215
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215
		https://cxsecurity.com/issue/WLB-2007060063
		https://exchange.xforce.ibmcloud.com/vulnerabilities/34818
		https://github.com/PHPMailer/PHPMailer
		https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-6h78-85v2-mmch
		https://seclists.org/fulldisclosure/2011/Oct/223
		https://sourceforge.net/p/phpmailer/bugs/192
		https://sourceforge.net/p/phpmailer/bugs/192/
		https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution
		https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
		https://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
429179		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429179
GHSA-6h78-85v2-mmch		https://github.com/advisories/GHSA-6h78-85v2-mmch
USN-791-1		https://usn.ubuntu.com/791-1/

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.86637
EPSS Score	0.03251
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:32:22.278893+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-6h78-85v2-mmch/GHSA-6h78-85v2-mmch.json	37.0.0