Debian Linux Security Advisory 3750-1 - Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.
901f4034412534063d18c6641addaec686197e10549977184764df69a8ca106f