diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 361e1db63b2d50502749d85f867b62d44fb7e263..6faf8f63c7b9cf759d4900b3b15bb8bc670e5bc7 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,5 +1,9 @@
 Mime Mail 6.x-1.x, xxxx-xx-xx
 -----------------------
+
+Mime Mail 6.x-1.5, 2018-10-17
+-----------------------
+- #161907 by RainbowLyte, sgabe: Fixed sanitization of additional mail parameter
 - #2031143 by sgabe, das-peter: Support @import by using drupal_load_stylesheet()
 
 Mime Mail 6.x-1.4, 2014-03-05
diff --git a/mimemail.module b/mimemail.module
index 060ff76c6d61d4422aaffa0a75752dfcaab92c08..01ad6328a53f3a482f28f63adf684f8e1387fff7 100644
--- a/mimemail.module
+++ b/mimemail.module
@@ -381,7 +381,9 @@ function mimemail_mailengine($op, $message = array()) {
         $subject = $message['subject'];
         $body = $message['body'];
         $headers = mimemail_rfc_headers($message['headers']);
-        if (isset($return_path) && !empty($return_path)) {
+        // We validate the return path, unless it is equal to the site mail, which
+        // we assume to be safe.
+        if (isset($return_path) && !empty($return_path) && (variable_get('site_mail', ini_get('sendmail_from')) === $return_path || mimemail_isshellsafe($return_path))) {
           if (isset($_SERVER['WINDIR']) || strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') !== FALSE) {
             // On Windows, PHP will use the value of sendmail_from for the
             // Return-Path header.
@@ -441,3 +443,22 @@ if (strpos(variable_get('smtp_library', ''), 'mimemail') !== FALSE
   }
 
 }
+
+/**
+ * Disallows potentially unsafe shell characters.
+ *
+ * @param string $string
+ *   The string to be validated.
+ *
+ * @return bool
+ *   True if the string is shell-safe.
+ */
+function mimemail_isshellsafe($string) {
+  if (escapeshellcmd($string) !== $string || !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))) {
+    return FALSE;
+  }
+  if (preg_match('/[^a-zA-Z0-9@_\-.]/', $string) !== 0) {
+    return FALSE;
+  }
+  return TRUE;
+}