Description
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
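One way to guard against the issue described above, as an added example (not PHPMailer's own code and not the fix shipped by the project): an allow-list check applied to a sender address before it is appended to the extra parameters handed to PHP's mail(). The function names and sample addresses are hypothetical and constructed, and passing the sender as a `-f` option is an assumption about how the value reaches the mail command.

```php
<?php
// Added example: hypothetical helpers, not PHPMailer code.

/**
 * Return true only if $sender is safe to append to a mail-command option.
 * Conservative allow-list: one local part, one '@', one domain, and only
 * characters with no special meaning to a shell or an option parser.
 */
function is_safe_envelope_sender(string $sender): bool
{
    // Reject empty or over-long values (254 is the usual address limit).
    if ($sender === '' || strlen($sender) > 254) {
        return false;
    }
    // No quotes, backslashes, whitespace or control characters are allowed.
    // The first character must be alphanumeric, so the value never starts
    // with '-'. \A and \z anchor the whole string, so a trailing newline fails.
    return preg_match(
        '/\A[A-Za-z0-9][A-Za-z0-9._+-]*@[A-Za-z0-9.-]+\z/',
        $sender
    ) === 1;
}

/**
 * Build the extra-parameters string for mail(), or '' when the sender is
 * rejected, so an unsafe value never reaches the command line.
 */
function envelope_sender_params(string $sender): string
{
    return is_safe_envelope_sender($sender) ? '-f' . $sender : '';
}

// Constructed sample inputs (not taken from any real incident).
$samples = [
    'bounce@example.com',
    '"user\" extra"@example.com',  // backslash double quote, as in the description
    '-bounce@example.com',
    "bounce@example.com\n",
];

foreach ($samples as $s) {
    // json_encode makes quotes, backslashes and newlines visible in the output.
    printf("%-34s => %s\n", json_encode($s), var_export(envelope_sender_params($s), true));
}
```

Only the first sample yields a non-empty parameter string; the other three are refused outright rather than escaped.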