Vulnerability Details CVE-2017-15806
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.204
EPSS Ranking 95.3%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/101866
- https://github.com/zetacomponents/Mail/issues/58
- https://github.com/zetacomponents/Mail/releases/tag/1.8.2
- https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/
- https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/
- https://www.exploit-db.com/exploits/43155/
- http://www.securityfocus.com/bid/101866
- https://github.com/zetacomponents/Mail/issues/58
- https://github.com/zetacomponents/Mail/releases/tag/1.8.2
- https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/
- https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/
- https://www.exploit-db.com/exploits/43155/
Products affected by CVE-2017-15806
-
cpe:2.3:a:zetacomponents:mail:1.1
-
cpe:2.3:a:zetacomponents:mail:1.1.1
-
cpe:2.3:a:zetacomponents:mail:1.1.2
-
cpe:2.3:a:zetacomponents:mail:1.2
-
cpe:2.3:a:zetacomponents:mail:1.3
-
cpe:2.3:a:zetacomponents:mail:1.4
-
cpe:2.3:a:zetacomponents:mail:1.4.1
-
cpe:2.3:a:zetacomponents:mail:1.4.2
-
cpe:2.3:a:zetacomponents:mail:1.4.3
-
cpe:2.3:a:zetacomponents:mail:1.5
-
cpe:2.3:a:zetacomponents:mail:1.5.1
-
cpe:2.3:a:zetacomponents:mail:1.5.2
-
cpe:2.3:a:zetacomponents:mail:1.6
-
cpe:2.3:a:zetacomponents:mail:1.6.1
-
cpe:2.3:a:zetacomponents:mail:1.6.2
-
cpe:2.3:a:zetacomponents:mail:1.6.3
-
cpe:2.3:a:zetacomponents:mail:1.7
-
cpe:2.3:a:zetacomponents:mail:1.8
-
cpe:2.3:a:zetacomponents:mail:1.8.1