Project: HTML Mail
Security risk: *Critical* 17∕25
Vulnerability: Remote Code Execution
The HTML Mail module lets you theme your messages the same way you theme the
rest of your website.
When sending email some variables were not being sanitized for shell
arguments, which could lead to remote code execution.
This issue is related to the Drupal Core release SA-CORE-2018-006.
Install the latest version: