PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
{ "urgency": "high" }
{ "urgency": "not yet assigned" }