Vulmon
phpmailer vulnerabilities and exploits
605
VMScore
CVE-2021-3603
PHPMailer 6.4.1 and previous versions contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, ...
Phpmailer Project Phpmailer
Fedoraproject Fedora 33
Fedoraproject Fedora 34
454
VMScore
CVE-2021-34551
PHPMailer prior to 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
Phpmailer Project Phpmailer
Fedoraproject Fedora 33
Fedoraproject Fedora 34
668
VMScore
CVE-2020-36326
PHPMailer 6.1.8 up to and including 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unrea...
Phpmailer Project Phpmailer
Wordpress Wordpress
1 Github repository
445
VMScore
CVE-2020-13625
PHPMailer prior to 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
Phpmailer Project Phpmailer
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
605
VMScore
CVE-2018-19296
PHPMailer prior to 5.2.27 and 6.x prior to 6.0.6 is vulnerable to an object injection attack.
Phpmailer Project Phpmailer
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Wordpress Wordpress
1 Github repository
447
VMScore
CVE-2018-7662
Couch up to and including 2.0 allows remote malicious users to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.
Couchcms Couch
384
VMScore
CVE-2017-11503
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
Phpmailer Project Phpmailer 5.2.23
445
VMScore
CVE-2017-7983
In Joomla! 1.5.0 up to and including 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
Joomla Joomla! 3.1.0
Joomla Joomla! 3.1.2
Joomla Joomla! 1.6.0
Joomla Joomla! 1.6.2
Joomla Joomla! 1.7.2
Joomla Joomla! 1.7.4
Joomla Joomla! 2.5.5
Joomla Joomla! 2.5.7
Joomla Joomla! 2.5.12
Joomla Joomla! 2.5.14
Joomla Joomla! 2.5.21
Joomla Joomla! 2.5.23
Joomla Joomla! 1.5.17
Joomla Joomla! 1.5.19
Joomla Joomla! 1.5.24
Joomla Joomla! 1.5.26
Joomla Joomla! 1.5.5
Joomla Joomla! 1.5.7
Joomla Joomla! 1.5.14
Joomla Joomla! 1.5.15
Joomla Joomla! 3.2.3
Joomla Joomla! 3.3.0
240
VMScore
CVE-2017-5223
An issue exists in PHPMailer prior to 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directo...
Phpmailer Project Phpmailer
1 EDB exploit
84 Github repositories
NA
CVE-2016-1003
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candidate is a duplicate of CVE-2016-10033. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-10033 instead of this candidate. All references and descri...
1 EDB exploit