CVE-2021-3603
- EPSS 0.4%
- Published 17.06.2021 12:15:08
- Last modified 21.11.2024 06:21:57
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the defa...
CVE-2021-34551
- EPSS 2.11%
- Published 16.06.2021 18:15:09
- Last modified 21.11.2024 06:10:39
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
CVE-2020-36326
- EPSS 1.03%
- Published 28.04.2021 03:15:07
- Last modified 21.11.2024 05:29:17
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were alway...
CVE-2020-13625
- EPSS 2.74%
- Published 08.06.2020 17:15:10
- Last modified 21.11.2024 05:01:37
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
CVE-2018-19296
- EPSS 1.35%
- Published 16.11.2018 09:29:00
- Last modified 21.11.2024 03:57:41
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVE-2017-11503
- EPSS 0.64%
- Published 20.07.2017 23:29:00
- Last modified 20.04.2025 01:37:25
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
CVE-2017-5223
- EPSS 8.9%
- Published 16.01.2017 06:59:00
- Last modified 20.04.2025 01:37:25
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using...
CVE-2016-10033
- EPSS 94.43%
- Published 30.12.2016 19:59:00
- Last modified 08.07.2025 01:00:02
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVE-2016-10045
- EPSS 93.6%
- Published 30.12.2016 19:59:00
- Last modified 12.04.2025 10:46:40
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal esca...
- EPSS 0.95%
- Published 16.12.2015 21:59:05
- Last modified 12.04.2025 10:46:40
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendComm...