Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmailer vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-13625
PHPMailer prior to 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
Phpmailer Project Phpmailer
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.1
CVSSv3
CVE-2021-34551
PHPMailer prior to 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
Phpmailer Project Phpmailer
Fedoraproject Fedora 33
Fedoraproject Fedora 34
NA
CVE-2016-100332
PHPMailer versions prior to 5.2.18 remote code execution exploit. Written in python.
NA
CVE-2016-1003
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candidate is a duplicate of CVE-2016-10033. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-10033 instead of this candidate. All references and descri...
1 EDB exploit
NA
CVE-2016-1004
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none
1 EDB exploit
9.8
CVSSv3
CVE-2016-10034
The setFrom function in the Sendmail adapter in the zend-mail component prior to 2.4.11, 2.5.x, 2.6.x, and 2.7.x prior to 2.7.2, and Zend Framework prior to 2.4.11 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary c...
Zend Zend Framework
Zend Zend-mail 2.6.2
Zend Zend-mail 2.7.0
Zend Zend-mail 2.7.1
Zend Zend-mail 2.5.0
Zend Zend-mail
Zend Zend-mail 2.6.0
Zend Zend-mail 2.6.1
Zend Zend-mail 2.5.1
Zend Zend-mail 2.5.2
3 EDB exploits
1 Github repository
9.8
CVSSv3
CVE-2016-10074
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer prior to 5.4.5 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the ...
Swiftmailer Swiftmailer
3 EDB exploits
1 Github repository
1 Article
5.3
CVSSv3
CVE-2018-7662
Couch up to and including 2.0 allows remote malicious users to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.
Couchcms Couch
5.3
CVSSv3
CVE-2017-7983
In Joomla! 1.5.0 up to and including 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
Joomla Joomla\\! 3.1.0
Joomla Joomla\\! 3.1.2
Joomla Joomla\\! 1.6.0
Joomla Joomla\\! 1.6.2
Joomla Joomla\\! 1.7.2
Joomla Joomla\\! 1.7.4
Joomla Joomla\\! 2.5.5
Joomla Joomla\\! 2.5.7
Joomla Joomla\\! 2.5.12
Joomla Joomla\\! 2.5.14
Joomla Joomla\\! 2.5.21
Joomla Joomla\\! 2.5.23
Joomla Joomla\\! 1.5.17
Joomla Joomla\\! 1.5.19
Joomla Joomla\\! 1.5.24
Joomla Joomla\\! 1.5.26
Joomla Joomla\\! 1.5.5
Joomla Joomla\\! 1.5.7
Joomla Joomla\\! 1.5.14
Joomla Joomla\\! 1.5.15
Joomla Joomla\\! 3.2.3
Joomla Joomla\\! 3.3.0
NA
CVE-2010-4914
PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote malicious users to execute arbitrary PHP code via a URL in the lang_path parameter.
Deltascripts Php Classifieds 7.3
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »