CVE-2021-3603 – Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer
https://notcve.org/view.php?id=CVE-2021-3603
17 Jun 2021 — PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function n... • https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
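The mechanism behind this entry is a string being accepted as a callable before it is checked against the list of built-in pattern names. The following PHP is an added illustration written for this page, not PHPMailer's code: `vulnerableValidate()` models the pre-6.5.0 dispatch (`is_callable()` on `$patternselect`, then `call_user_func()`), `hardenedValidate()` models the 6.5.0 rule of refusing plain strings as validator callables, and the global function `php` stands in for the "injected by other means" precondition in the advisory. The function names, the constructed address and the trimmed set of built-in patterns are this example's assumptions; only `validateAddress`'s `$patternselect` semantics and the default pattern name `'php'` come from the advisory text. Requires PHP 7.4 or later.

```php
<?php
// Added example (not PHPMailer's own code): models the string-callable dispatch
// described in CVE-2021-3603 and the 6.5.0-style fix of rejecting bare strings.
declare(strict_types=1);

const DEFAULT_VALIDATOR = 'php'; // same default name the advisory describes

// Built-in validators keyed by pattern name (only 'php' is modelled here).
function builtinValidate(string $address, string $patternselect): bool
{
    // Line breaks are valid per RFC 5322 but not RFC 5321; refuse them outright.
    if (strpos($address, "\n") !== false || strpos($address, "\r") !== false) {
        return false;
    }
    switch ($patternselect) {
        case 'php':
        default:
            return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
    }
}

// Vulnerable shape: any value that is_callable() accepts is invoked, including a
// string such as 'php' if a global function of that name happens to exist.
function vulnerableValidate(string $address, $patternselect = null): bool
{
    if ($patternselect === null) {
        $patternselect = DEFAULT_VALIDATOR;
    }
    if (is_callable($patternselect)) {
        return (bool) call_user_func($patternselect, $address);
    }
    return builtinValidate($address, $patternselect);
}

// Hardened shape: strings can only name a built-in pattern; custom validators
// must be passed as closures or invokable objects, never as function-name strings.
function hardenedValidate(string $address, $patternselect = null): bool
{
    if ($patternselect === null) {
        $patternselect = DEFAULT_VALIDATOR;
    }
    if (is_callable($patternselect) && !is_string($patternselect)) {
        return (bool) call_user_func($patternselect, $address);
    }
    return builtinValidate($address, $patternselect);
}

// Precondition from the advisory, simulated: other code in the host project has
// defined a global function named `php`. This harmless stand-in accepts any input
// and counts how often it was reached instead of the real validator.
$GLOBALS['hijacked'] = 0;
function php(string $address): bool
{
    $GLOBALS['hijacked']++;
    return true;
}

// Constructed input: a header-injection style address that no real validator accepts.
$bad = "not an address\r\nBcc: victim@example.com";

$v = vulnerableValidate($bad); // global php() wins: true, hijacked becomes 1
$h = hardenedValidate($bad);   // falls through to filter_var(): false, hijacked unchanged
printf("vulnerable: %s (hijacked=%d)\n", var_export($v, true), $GLOBALS['hijacked']);
printf("hardened:   %s (hijacked=%d)\n", var_export($h, true), $GLOBALS['hijacked']);

// Legitimate custom validators still work in the hardened form when passed as a closure.
$onlyExampleCom = static fn(string $a): bool => preg_match('/@example\.com$/', $a) === 1;
printf("closure:    %s\n", var_export(hardenedValidate('alice@example.com', $onlyExampleCom), true));
```

The check worth copying is the `!is_string()` guard placed ahead of `call_user_func()`: it closes the gap without removing the extension point, because PHPMailer-style callers that set a closure as the validator keep working. If an application needs to accept a validator name from configuration, it should map that name through its own allow-list to a closure rather than hand the string to `is_callable()`.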
CVE-2021-34551
https://notcve.org/view.php?id=CVE-2021-34551
16 Jun 2021 — PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. • https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-36326
https://notcve.org/view.php?id=CVE-2020-36326
28 Apr 2021 — PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation. • https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 • CWE-502: Deserialization of Untrusted Data •
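Both this entry and CVE-2021-34551 above turn on the same thing: a path that an attacker controls reaching a PHP filesystem or `include` call while still carrying a stream-wrapper scheme (`phar://`) or a UNC prefix (`\\server\share`). The PHP below is an added example for this page, not PHPMailer's code and not a transcription of the referenced commits: `isPermittedPath()` rejects scheme-prefixed and UNC paths by syntax alone, `fileIsAccessible()` only then calls `is_file()`/`is_readable()`, and `resolveLanguageFile()` applies the same vetting to a `lang_path` before anything is built from it and included. The function names, the temporary language file and the attacker-style paths are constructed for the demonstration. Requires PHP 7.4 or later.

```php
<?php
// Added example (not PHPMailer's own code): path vetting that blocks the phar://
// deserialisation route of CVE-2020-36326 and the UNC include route of CVE-2021-34551.
declare(strict_types=1);

// Refuse any path that names a stream wrapper (phar://, data://, http://, ...) or a
// UNC share in either slash form. Uses only string tests: is_file(), file_exists()
// and is_readable() all open phar:// targets and unserialise their metadata, so the
// decision has to be taken before any of them is called.
function isPermittedPath(string $path): bool
{
    // Scheme syntax per RFC 3986 section 3.1: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) "://"
    if (preg_match('#^[a-z][a-z\d+.\-]*://#i', $path) === 1) {
        return false;
    }
    $head = substr($path, 0, 2);
    if ($head === '\\\\' || $head === '//') { // \\server\share or //server/share
        return false;
    }
    return true;
}

// Attachment-style check: syntax first, filesystem second.
function fileIsAccessible(string $path): bool
{
    if (!isPermittedPath($path)) {
        return false;
    }
    return is_file($path) && is_readable($path);
}

// Language-file resolution that treats $langPath as untrusted. Returns the canonical
// file path to include, or null if anything about the request is off.
function resolveLanguageFile(string $langPath, string $langcode): ?string
{
    if (!preg_match('/^[a-z]{2}(?:_[a-z]{2})?$/', $langcode)) {
        return null; // only plain language codes such as "fr" or "pt_br" may name a file
    }
    if (!isPermittedPath($langPath)) {
        return null; // decided before realpath() or is_dir() touch the path
    }
    $base = realpath($langPath);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . 'phpmailer.lang-' . $langcode . '.php';
    if (!fileIsAccessible($candidate)) {
        return null;
    }
    // Canonicalise again and insist the file still sits inside the vetted directory.
    $real = realpath($candidate);
    if ($real === false || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Constructed fixture: a throwaway directory holding one legitimate language file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'langdemo_' . bin2hex(random_bytes(4));
mkdir($dir);
$langFile = $dir . DIRECTORY_SEPARATOR . 'phpmailer.lang-fr.php';
file_put_contents($langFile, "<?php\n\$PHPMAILER_LANG['authenticate'] = 'Erreur SMTP : échec de l\\'authentification.';\n");

$cases = [
    'local dir, valid code'      => [$dir, 'fr'],
    'UNC lang_path (backslash)'  => ['\\\\attacker\\share\\', 'fr'],
    'UNC lang_path (slash)'      => ['//attacker/share/', 'fr'],
    'phar:// lang_path'          => ['phar://' . $dir . '/evil.phar/', 'fr'],
    'traversal in language code' => [$dir, '../../etc/passwd'],
];
foreach ($cases as $label => [$path, $code]) {
    $resolved = resolveLanguageFile($path, $code);
    printf("%-28s -> %s\n", $label, $resolved === null ? 'rejected' : 'include ' . $resolved);
}

// Attachment paths go through the same gate; the phar:// and UNC cases never reach is_file().
foreach (['phar://' . $dir . '/evil.phar/a.txt', '\\\\attacker\\share\\a.txt', $langFile] as $p) {
    printf("attachment %-60s -> %s\n", $p, fileIsAccessible($p) ? 'allowed' : 'rejected');
}

unlink($langFile);
rmdir($dir);
```

The ordering is the point: syntax rejection of schemes and UNC prefixes happens before `realpath()`, `is_file()` or `is_readable()`, because those calls are themselves the deserialisation trigger for `phar://` and, on Windows, the network access for a UNC share. The second `realpath()` check in `resolveLanguageFile()` is defence in depth against symlinks inside an otherwise trusted language directory. Note that this example deliberately rejects all UNC paths; the advisory text for CVE-2020-36326 explains that PHPMailer 6.1.8 had relaxed exactly that rule to support legitimate UNC use, so a deployment that genuinely needs UNC attachments has to keep the scheme check and apply its own share allow-list instead.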