CVE-2017-15806

HIGH

Zeta Components Mail < 1.8.2 - Remote Code Execution via Crafted Email Address in Return Path


Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15806. PoCs published by MalwareBenchmark.

AI-analyzed exploit summary: The exploit leverages improper sanitization of the return path in the ezcMailMtaTransport class, allowing command-line option injection via the sendmail -X flag to write arbitrary files to the webroot. This results in remote code execution if the attacker can access the written file.

Description

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."

Exploits (1)

Exploit-DB · working PoC · verified
by MalwareBenchmark · text · webapps · php
https://www.exploit-db.com/exploits/43155

Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Zeta Components Mail <= 1.8.1
No auth needed
Prerequisites: Use of ezcMailMtaTransport · Sendmail binary with -X flag support · Writable webroot by the webserver user · Unsanitized input for returnPath
Analyzed by devstral-2 on Feb 18, 2026

References (6)

Core References
Issue Tracking, Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/43155/
Issue Tracking, Third Party Advisory (x_refsource_confirm): https://github.com/zetacomponents/Mail/issues/58
Issue Tracking, Release Notes, Third Party Advisory (x_refsource_confirm): https://github.com/zetacomponents/Mail/releases/tag/1.8.2
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/101866

Scores

CVSS v3 8.1
EPSS 0.1646
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (2)
zetacomponents/mail < 1.8.2
zetacomponents/mail 0 - 1.8.2 (Packagist)
Published Nov 15, 2017
Tracked Since Feb 18, 2026