A critical remote code execution vulnerability in PHPMailer could put millions of websites at risk of compromise. The flaw is caused by insufficient validation of the sender email address input and can allow an attacker to inject shell commands that would be executed on the web server in the context of the sendmail program. Successful exploitation requires the presence of a web form on the website that uses PHPMailer to send emails and allows inputting a custom sender address (the address that appears in the From email header).
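
One way to handle the sender field described above so that form input never becomes the sender address unchecked. This is an added example, not code from PHPMailer or from the original article; `SITE_SENDER`, `is_plain_address()` and `build_headers()` are hypothetical names, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: an address the site owns, always used as the sender.
const SITE_SENDER = 'no-reply@example.org';

// Hypothetical helper: accept only a plain address with no whitespace,
// quotes, backslashes or leading "-", i.e. nothing a shell or sendmail's
// option parser could interpret if the value ever reached a command line.
function is_plain_address(string $addr): bool
{
    if (strlen($addr) > 254) {
        return false;
    }
    $plain = '/\A[A-Za-z0-9][A-Za-z0-9._+-]{0,63}@[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/';
    if (preg_match($plain, $addr) !== 1) {
        return false;
    }
    return filter_var($addr, FILTER_VALIDATE_EMAIL) !== false;
}

// The visitor's address never becomes the From/envelope sender; it is
// offered as Reply-To only when it passes the strict check.
function build_headers(string $userAddr): array
{
    $headers = ['From' => SITE_SENDER];
    if (is_plain_address($userAddr)) {
        $headers['Reply-To'] = $userAddr;
    }
    return $headers;
}

// Constructed sample inputs covering the rejected character classes.
$samples = [
    'alice@example.com',
    '"quoted local part"@example.com',
    '-leading.dash@example.com',
    "line\nbreak@example.com",
];
foreach ($samples as $s) {
    echo json_encode($s), ' => ', json_encode(build_headers($s)), PHP_EOL;
}
```

Only the first sample yields a `Reply-To` header; the other three fall back to the fixed site sender alone.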

