diff --git a/e107_handlers/phpmailer/class.phpmailer.php b/e107_handlers/phpmailer/class.phpmailer.php
index ccbcc9fb8..034c5ceb3 100644
--- a/e107_handlers/phpmailer/class.phpmailer.php
+++ b/e107_handlers/phpmailer/class.phpmailer.php
@@ -390,10 +390,9 @@ class PHPMailer
 */
 function SendmailSend($header, $body) {
 if ($this->Sender != "")
- $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
+ $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
 else
- $sendmail = sprintf("%s -oi -t", $this->Sendmail);
-
+ $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
 if(!@$mail = popen($sendmail, "w"))
 {
 $this->SetError($this->Lang("execute") . $this->Sendmail);
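Review bot: In both `sprintf` calls of `SendmailSend`, `escapeshellcmd($this->Sendmail)` escapes shell metacharacters but leaves whitespace alone, so the value can still add extra options to the command handed to `popen()`; only `$this->Sender` is held to a single argument by `escapeshellarg()`. Where `Sendmail` is assigned is not visible in this hunk; if it can come from anything other than trusted site configuration, reject it up front when `is_executable($this->Sendmail)` is false. `Sender` would also be better validated as an address before it reaches the command line, e.g. `filter_var($this->Sender, FILTER_VALIDATE_EMAIL)`, instead of depending on quoting alone. The function body continues past the end of the hunk, so the error path after `popen()` is not reviewed here.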