Phpmailer Project

Phpmailer

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2021-3603

  • EPSS 0.4%
  • Published 17.06.2021 12:15:08
  • Last modified 21.11.2024 06:21:57

PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the defa...

8.1

CVE-2021-34551

  • EPSS 2.11%
  • Published 16.06.2021 18:15:09
  • Last modified 21.11.2024 06:10:39

PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.

9.8

CVE-2020-36326

  • EPSS 1.03%
  • Published 28.04.2021 03:15:07
  • Last modified 21.11.2024 05:29:17

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were alway...

7.5

CVE-2020-13625

Exploit
  • EPSS 2.74%
  • Published 08.06.2020 17:15:10
  • Last modified 21.11.2024 05:01:37

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.

8.8

CVE-2018-19296

  • EPSS 1.35%
  • Published 16.11.2018 09:29:00
  • Last modified 21.11.2024 03:57:41

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

6.1

CVE-2017-11503

Exploit
  • EPSS 0.64%
  • Published 20.07.2017 23:29:00
  • Last modified 20.04.2025 01:37:25

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.

5.5

CVE-2017-5223

Exploit
  • EPSS 8.9%
  • Published 16.01.2017 06:59:00
  • Last modified 20.04.2025 01:37:25

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using...

9.8

CVE-2016-10033

Warning Exploit
  • EPSS 94.43%
  • Published 30.12.2016 19:59:00
  • Last modified 08.07.2025 01:00:02

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

9.8

CVE-2016-10045

Exploit
  • EPSS 93.6%
  • Published 30.12.2016 19:59:00
  • Last modified 12.04.2025 10:46:40

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal esca...

5

CVE-2015-8476

  • EPSS 0.95%
  • Published 16.12.2015 21:59:05
  • Last modified 12.04.2025 10:46:40

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendComm...