ZendFramework potential remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.

Published: Jun 7, 2024
Updated: Jun 27, 2024
GHSA: GHSA-gff2-p6vm-3p8g
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
zendframework / zendframework	2.0.0	2.4.11

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2016-04.yaml
https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0
https://web.archive.org/web/20201107093523/https://framework.zend.com/security/advisory/ZF2016-04

Vulnerability Database

ZendFramework potential remote code execution in zend-mail via Sendmail adapter

Deep Security Visibility Without the Complexity