CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3603 – Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer
https://notcve.org/view.php?id=CVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names. PHPMailer versión 6.4.1 y anteriores contienen una vulnerabilidad que puede resultar en la llamada de código no confiable (si dicho código es inyectado en el ámbito del proyecto anfitrión por otros medios). Si el parámetro $patternselect de la función validateAddress() es ajustada como "php" (el valor predeterminado, definido por PHPMailer::$validator), y el namespace global contiene una función llamada php, ésta será llamada con preferencia al validador incorporado del mismo nombre. • https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.1EPSS: 2%CPEs: 4EXPL: 0CVE-2021-34551
https://notcve.org/view.php?id=CVE-2021-34551
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. PHPMailer versiones anteriores a 6.5.0 en Windows, permite una ejecución de código remota si la función lang_path es un dato no confiable y presenta un nombre de ruta UNC • https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-36326
https://notcve.org/view.php?id=CVE-2020-36326
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation. PHPMailer versión 6.1.8 hasta la versión 6.4.0 permite la inyección de objetos a través de Phar Deserialization vía addAttachment con un nombre de ruta UNC. NOTA: esto es similar a CVE-2018-19296, pero surgió porque la versión 6.1.8 corrigió un problema de funcionalidad en el que los nombres de ruta UNC siempre se consideraban ilegibles por PHPMailer, incluso en contextos seguros. • https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-13625
https://notcve.org/view.php?id=CVE-2020-13625
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. PHPMailer versiones anteriores a 6.1.6, contiene un bug de escape de salida cuando el nombre de un archivo adjunto contiene un carácter de comillas dobles. Esto puede resultar en que el tipo de archivo esta siendo malinterpretado por el receptor o que cualquier retransmisión de correo procese el mensaje • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6 https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-19296
https://notcve.org/view.php?id=CVE-2018-19296
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. PHPMailer en versiones anteriores a la 5.2.27 y versiones 6.x anteriores a la 6.0.6 es vulnerable a un ataque de inyección de objetos. • https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27 https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6 https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT https://www.debian.org/security/2018/dsa-4351 • CWE-502: Deserialization of Untrusted Data CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •