phpmailer project vulnerabilities and exploits

4.3
CVSSv2
CVE-2017-11503

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php....

Phpmailer ProjectPhpmailer
9
CVSSv2
CVE-2017-7692

SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote...

Squirrelmail
7.5
CVSSv2
CVE-2016-10034

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a...

ZendZend-mailZend Framework
7.5
CVSSv2
CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail...

Phpmailer ProjectPhpmailer
7.5
CVSSv2
CVE-2016-10074

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1)...

Swiftmailer
7.5
CVSSv2
CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property....

Phpmailer ProjectPhpmailer
6.8
CVSSv2
CVE-2007-3215

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php....