Successful exploitation requires that the PHP script using PHPMailer is configured to send e-mails with the Sendmail method, and that the script does not sanitise data before storing it in the Sender property.
Related posts