Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zip attachments project zip attachments vulnerabilities and exploits
(subscribe to this query)
8.6
CVSSv3
CVE-2015-4694
Directory traversal vulnerability in download.php in the Zip Attachments plugin prior to 1.5.1 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the za_file parameter.
Zip Attachments Project Zip Attachments
7.5
CVSSv3
CVE-2015-4704
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the File parameter to download.php.
Download Zip Attachments Project Download Zip Attachments 1.0
9.8
CVSSv3
CVE-2016-1000282
Haraka version 2.8.8 and previous versions comes with a plugin for processing attachments for zip files. Versions 2.8.8 and previous versions can be vulnerable to command injection.
Haraka Project Haraka
5.5
CVSSv3
CVE-2017-5223
An issue exists in PHPMailer prior to 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directo...
Phpmailer Project Phpmailer
1 EDB exploit
87 Github repositories
9.8
CVSSv3
CVE-2016-10045
The isMail transport in PHPMailer prior to 5.2.20 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the ...
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
3 EDB exploits
91 Github repositories
9.8
CVSSv3
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
9 EDB exploits
120 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started