Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmailer project phpmailer vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2009-1669
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third...
Smarty Smarty 2.6.22
1 EDB exploit
890
VMScore
CVE-2008-4796
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and previous versions, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote malicious users to execute arbitrary commands vi...
Snoopy Project Snoopy
Debian Debian Linux 4.0
Debian Debian Linux 5.0
Nagios Nagios
Wordpress Wordpress
830
VMScore
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
9 EDB exploits
116 Github repositories
792
VMScore
CVE-2016-10045
The isMail transport in PHPMailer prior to 5.2.20 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the ...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
3 EDB exploits
89 Github repositories
668
VMScore
CVE-2020-36326
PHPMailer 6.1.8 up to and including 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unrea...
Phpmailer Project Phpmailer
Wordpress Wordpress
1 Github repository
668
VMScore
CVE-2008-4810
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote malicious users to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a doub...
Smarty Smarty 2.6.0
Smarty Smarty 2.4.0
Smarty Smarty 2.3.1
Smarty Smarty 1.5.1
Smarty Smarty 1.5.0
Smarty Smarty 1.4.0
Smarty Smarty 1.2.0
Smarty Smarty 1.1.0
Smarty Smarty 1.0b
Smarty Smarty 2.6.7
Smarty Smarty 2.6.9
Smarty Smarty 2.6.11
Smarty Smarty 2.6.12
Smarty Smarty 2.5.0
Smarty Smarty 2.3.0
Smarty Smarty 2.2.0
Smarty Smarty 2.1.1
Smarty Smarty 1.4.6
Smarty Smarty 1.4.5
Smarty Smarty 1.3.2
Smarty Smarty 1.0a
Smarty Smarty 1.0
614
VMScore
CVE-2008-5153
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
Moodle Moodle 1.8.2
605
VMScore
CVE-2021-3603
PHPMailer 6.4.1 and previous versions contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, ...
Phpmailer Project Phpmailer
Fedoraproject Fedora 33
Fedoraproject Fedora 34
605
VMScore
CVE-2018-19296
PHPMailer prior to 5.2.27 and 6.x prior to 6.0.6 is vulnerable to an object injection attack.
Phpmailer Project Phpmailer
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Wordpress Wordpress
1 Github repository
446
VMScore
CVE-2015-8476
Multiple CRLF injection vulnerabilities in PHPMailer prior to 5.2.14 allow malicious users to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class....
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Phpmailer Project Phpmailer
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »