Untrusted code execution in PHPMailer
Reported a vulnerability in PHPMailer where a function could run unexpectedly while sending mail, leading to untrusted code execution.
The validateAddress function, which is used to validate email addresses, uses call_user_func to invoke the callable named by the $patternselect argument passed to it. If no argument is passed, the function sets "php" as the default value of $patternselect on line 1337 (ironically). If a callable (function) named php is present in scope, that function gets executed.
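As an added illustration (not PHPMailer's own code), the dispatch pattern described above is shown beside a hardened form that resolves built-in pattern names through a fixed table and accepts custom validators only as Closures; the function names and the SUPPORTED_PATTERNS constant are hypothetical.

```php
<?php
// Added illustration, not PHPMailer's code. validateAddressLoose,
// validateAddressStrict and SUPPORTED_PATTERNS are hypothetical names.

// The pattern the post describes: the validator name goes straight into
// call_user_func, and a plain string ("php") is the default. Any global
// function that happens to be named "php" is therefore what gets called.
function validateAddressLoose(string $address, ?string $patternselect = null): bool
{
    if ($patternselect === null) {
        $patternselect = 'php';          // string default, resolved only at call time
    }
    if (is_callable($patternselect)) {   // true for ANY defined function of that name
        return (bool) call_user_func($patternselect, $address);
    }
    return false;
}

// Hardened form: built-in pattern names are looked up in a fixed table, and a
// user-supplied validator must be a real Closure, never a bare string, so a
// function named "php" in global scope is never consulted.
const SUPPORTED_PATTERNS = ['php', 'noregex'];

function validateAddressStrict(string $address, $patternselect = null): bool
{
    if ($patternselect instanceof Closure) {
        return (bool) $patternselect($address);
    }
    $pattern = $patternselect ?? 'php';
    if (!in_array($pattern, SUPPORTED_PATTERNS, true)) {
        throw new InvalidArgumentException("Unknown validation pattern: $pattern");
    }
    if ($pattern === 'php') {
        return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
    }
    // 'noregex': minimal structural check, mirroring a regex-free fallback.
    $at = strrpos($address, '@');
    return $at > 0 && $at < strlen($address) - 1 && strlen($address) <= 254;
}

// Demonstration: a harmless global function named "php" that only records
// that it ran. The loose version calls it; the strict version never does.
$called = false;
function php(string $address): bool { global $called; $called = true; return true; }

var_dump(validateAddressLoose('not an address'), $called);
$called = false;
var_dump(validateAddressStrict('not an address'), $called);
var_dump(validateAddressStrict('user@example.com'));
```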