Published: 16/11/2018 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

PHPMailer prior to 5.2.27 and 6.x prior to 6.0.6 is vulnerable to an object injection attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpmailer project phpmailer
debian debian linux 8.0
debian debian linux 9.0
fedoraproject fedora 33
fedoraproject fedora 34
wordpress wordpress

Debian Bug report logs - #913912 libphp-phpmailer: CVE-2018-19296 Package: src:libphp-phpmailer; Maintainer for src:libphp-phpmailer is Debian PHP PEAR Maintainers <pkg-php-pear@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 16 Nov 2018 20:30:01 UTC Severity: grave Tags: pa ...

Trivy example module for WordPress

Trivy WoredPress Module This module provides a more in-depth investigation of Wordpress detection Set up $ tinygo build -o wordpresswasm -scheduler=none -target=wasi --no-debug wordpressgo $ mkdir -p ~/trivy/modules $ cp wordpresswasm ~/trivy/modules It is also available in GHCR You can install it via trivy module install $ trivy

CWE-502 CWE-1321 https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6 https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27 https://www.debian.org/security/2018/dsa-4351 https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913912 https://nvd.nist.gov https://github.com/aquasecurity/trivy-module-wordpress

CVE-2018-19296

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect