CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3603 – Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer
https://notcve.org/view.php?id=CVE-2021-3603
17 Jun 2021 — PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function n... • https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.1EPSS: 2%CPEs: 4EXPL: 0CVE-2021-34551
https://notcve.org/view.php?id=CVE-2021-34551
16 Jun 2021 — PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. PHPMailer versiones anteriores a 6.5.0 en Windows, permite una ejecución de código remota si la función lang_path es un dato no confiable y presenta un nombre de ruta UNC • https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 0CVE-2020-36326
https://notcve.org/view.php?id=CVE-2020-36326
28 Apr 2021 — PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation. PHPMailer versión 6.1.8 hasta la versión 6.4.0 permite la inyección de objetos a través de Phar Deser... • https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 1CVE-2020-13625 – Ubuntu Security Notice USN-5956-2
https://notcve.org/view.php?id=CVE-2020-13625
08 Jun 2020 — PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. PHPMailer versiones anteriores a 6.1.6, contiene un bug de escape de salida cuando el nombre de un archivo adjunto contiene un carácter de comillas dobles. Esto puede resultar en que el tipo de archivo esta siendo malinterpretado por el receptor o que cualquier retransmisión... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2018-19296 – Ubuntu Security Notice USN-5956-2
https://notcve.org/view.php?id=CVE-2018-19296
16 Nov 2018 — PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. PHPMailer en versiones anteriores a la 5.2.27 y versiones 6.x anteriores a la 6.0.6 es vulnerable a un ataque de inyección de objetos. Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. • https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27 • CWE-502: Deserialization of Untrusted Data CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2017-11503 – Ubuntu Security Notice USN-5956-2
https://notcve.org/view.php?id=CVE-2017-11503
20 Jul 2017 — PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. PHPMailer versión 5.2.23 tiene XSS en los campos "From Email Address" y "To Email Address" de code_generator.php. Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. • https://github.com/wizardafric/download • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 7%CPEs: 1EXPL: 4CVE-2017-5223 – PHPMailer < 5.2.21 - Local File Disclosure
https://notcve.org/view.php?id=CVE-2017-5223
16 Jan 2017 — An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed a... • https://packetstorm.news/files/id/144768 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 93%CPEs: 3EXPL: 11CVE-2016-10045 – PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10045
28 Dec 2016 — The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. El transporte isMail en PHPMailer en versiones anteriores a 5.2.20 podrían permitir a atacantes remotos pasar parámetros extra al comando ... • https://packetstorm.news/files/id/140286 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 94%CPEs: 3EXPL: 38CVE-2016-10033 – WordPress Core 4.6 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-10033
26 Dec 2016 — The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. La función mailSend en el transporte isMail en PHPMailer en versiones anteriores a 5.2.18 podrían permitir a atacantes remotos pasar parámetros extra al comando mail y consecuentemente ejecutar código arbitrario a través de una \" (barra invertida comillas dobl... • https://packetstorm.news/files/id/142486 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 5.3EPSS: 1%CPEs: 4EXPL: 0CVE-2015-8476 – Debian Security Advisory 3416-1
https://notcve.org/view.php?id=CVE-2015-8476
14 Dec 2015 — Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796. Múltiples vulnerabilidades de inyección CRLF en PHPMailer en versiones anteriores a 5.2.14 permite a atacantes inyectar comandos SMTP arbitrarios a través de secuencias CRLF en (1) una... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html • CWE-20: Improper Input Validation •