CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3603 – Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer
https://notcve.org/view.php?id=CVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names. PHPMailer versión 6.4.1 y anteriores contienen una vulnerabilidad que puede resultar en la llamada de código no confiable (si dicho código es inyectado en el ámbito del proyecto anfitrión por otros medios). Si el parámetro $patternselect de la función validateAddress() es ajustada como "php" (el valor predeterminado, definido por PHPMailer::$validator), y el namespace global contiene una función llamada php, ésta será llamada con preferencia al validador incorporado del mismo nombre. • https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.1EPSS: 2%CPEs: 4EXPL: 0CVE-2021-34551
https://notcve.org/view.php?id=CVE-2021-34551
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. PHPMailer versiones anteriores a 6.5.0 en Windows, permite una ejecución de código remota si la función lang_path es un dato no confiable y presenta un nombre de ruta UNC • https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-13625
https://notcve.org/view.php?id=CVE-2020-13625
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. PHPMailer versiones anteriores a 6.1.6, contiene un bug de escape de salida cuando el nombre de un archivo adjunto contiene un carácter de comillas dobles. Esto puede resultar en que el tipo de archivo esta siendo malinterpretado por el receptor o que cualquier retransmisión de correo procese el mensaje • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6 https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-19296
https://notcve.org/view.php?id=CVE-2018-19296
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. PHPMailer en versiones anteriores a la 5.2.27 y versiones 6.x anteriores a la 6.0.6 es vulnerable a un ataque de inyección de objetos. • https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27 https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6 https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT https://www.debian.org/security/2018/dsa-4351 • CWE-502: Deserialization of Untrusted Data CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.5EPSS: 92%CPEs: 1EXPL: 3CVE-2017-5223 – PHPMailer < 5.2.21 - Local File Disclosure
https://notcve.org/view.php?id=CVE-2017-5223
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory. • https://www.exploit-db.com/exploits/43056 https://github.com/cscli/CVE-2017-5223 http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis http://www.securityfocus.com/bid/95328 https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •