Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
phpmailer project phpmailer vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-36326
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by...
Phpmailer Project Phpmailer
Wordpress Wordpress
2 Github repositories available
5.5
CVSSv3
CVE-2017-5223
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base...
Phpmailer Project Phpmailer
1 EDB exploit available
83 Github repositories available
8.1
CVSSv3
CVE-2021-3603
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined...
Phpmailer Project Phpmailer
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.1
CVSSv3
CVE-2017-11503
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php....
Phpmailer Project Phpmailer 5.2.23
9.8
CVSSv3
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property....
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
5 EDB exploits available
1 Metasploit module available
85 Github repositories available
2 Articles available
9.8
CVSSv3
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
2 EDB exploits available
1 Metasploit module available
85 Github repositories available
2 Articles available
NA
CVE-2015-8476
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in...
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Phpmailer Project Phpmailer
2 Github repositories available
8.8
CVSSv3
CVE-2018-19296
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack....
Phpmailer Project Phpmailer
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Wordpress Wordpress
2 Github repositories available
7.5
CVSSv3
CVE-2020-13625
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message....
Phpmailer Project Phpmailer
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-4518
malicious code
validation
CVE-2023-42916
template injection
CVE-2023-41266
CVE-2023-43089
CVE-2023-5995
CVE-2023-21746
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started