The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-12-30T19:00:00
Updated: 2024-08-06T03:07:31.976Z
Reserved: 2016-12-23T00:00:00
Link: CVE-2016-10034
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-12-30T19:59:00.217
Modified: 2024-11-21T02:43:07.780
Link: CVE-2016-10034
Redhat
No data.