Intrusion Prevention

PHP.App.Email.Arguments.Parsing.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a Command Execution vulnerability in Multiple PHP applications.
The vulnerability is due to insufficient sanitization of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted request.

Affected Products

PHPMailer up to 5.20
SwiftMailer up to 5.4.5-DEV
zend-mail, starting in version 2.7.2
zend-mail 2.4.11
Zend Framework 2.4.11

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.