Full Featured Email Transfer Class for PHP. PHPMailer features: * Supports emails digitally signed with S/MIME encryption! * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs * Works on any platform. * Supports Text & HTML emails. * Embedded image support. * Multipart/alternative emails for mail clients that do not read HTML email. * Flexible debugging. * Custom mail headers. * Redundant SMTP servers. * Support for 8bit, base64, binary, and quoted-printable encoding. * Word wrap. * Multiple fs, string, and binary attachments (those from database, string, etc). * SMTP authentication. * Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail, Imail, Exchange, etc. * Good documentation, many examples included in download. * It's swift, small, and simple.
{"debian": [{"lastseen": "2021-10-22T11:18:53", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2306-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Abhijith PA\nAugust 01, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libphp-phpmailer\nVersion : 5.2.14+dfsg-2.3+deb9u2\nCVE ID : CVE-2020-13625\nDebian Bug : 962827\n\nIt was discovered that there was an escaping issue in\nlibphp-phpmailer, an email generation utility class for the PHP\nprogramming language.\n\nThe `Content-Type` and `Content-Disposition` headers could have\npermitted file attachments that bypassed attachment filters which\nmatch on filename extensions.\n\nFor Debian 9 stretch, this problem has been fixed in version\n5.2.14+dfsg-2.3+deb9u2.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\n\nFor the detailed security status of libphp-phpmailer please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libphp-phpmailer\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-02T04:39:28", "type": "debian", "title": "[SECURITY] [DLA 2306-1] libphp-phpmailer security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-08-02T04:39:28", "id": "DEBIAN:DLA-2306-1:45746", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-01T15:07:38", "description": "Package : libphp-phpmailer\nVersion : 5.2.9+dfsg-2+deb8u6\nCVE ID : CVE-2020-13625\n\nIt was discovered that there was an escaping issue in\nlibphp-phpmailer, an email generation utility class for the PHP\nprogramming language.\n\nThe `Content-Type` and `Content-Disposition` headers could have\npermitted file attachments that bypassed attachment filters which\nmatch on filename extensions. For more information, please see the\nfollowing URL:\n\n https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj\n\nFor Debian 8 "Jessie", this issue has been fixed in libphp-phpmailer version\n5.2.9+dfsg-2+deb8u6.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nRegards,\n\n- --\n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-11T14:27:34", "type": "debian", "title": "[SECURITY] [DLA 2244-1] libphp-phpmailer security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-11T14:27:34", "id": "DEBIAN:DLA-2244-1:6978D", "href": "https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-07T14:58:53", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2306-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Abhijith PA\nAugust 01, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libphp-phpmailer\nVersion : 5.2.14+dfsg-2.3+deb9u2\nCVE ID : CVE-2020-13625\nDebian Bug : 962827\n\nIt was discovered that there was an escaping issue in\nlibphp-phpmailer, an email generation utility class for the PHP\nprogramming language.\n\nThe `Content-Type` and `Content-Disposition` headers could have\npermitted file attachments that bypassed attachment filters which\nmatch on filename extensions.\n\nFor Debian 9 stretch, this problem has been fixed in version\n5.2.14+dfsg-2.3+deb9u2.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\n\nFor the detailed security status of libphp-phpmailer please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libphp-phpmailer\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-02T04:39:28", "type": "debian", "title": "[SECURITY] [DLA 2306-1] libphp-phpmailer security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-08-02T04:39:28", "id": "DEBIAN:DLA-2306-1:97512", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T11:23:16", "description": "Package : libphp-phpmailer\nVersion : 5.2.9+dfsg-2+deb8u6\nCVE ID : CVE-2020-13625\n\nIt was discovered that there was an escaping issue in\nlibphp-phpmailer, an email generation utility class for the PHP\nprogramming language.\n\nThe `Content-Type` and `Content-Disposition` headers could have\npermitted file attachments that bypassed attachment filters which\nmatch on filename extensions. For more information, please see the\nfollowing URL:\n\n https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj\n\nFor Debian 8 "Jessie", this issue has been fixed in libphp-phpmailer version\n5.2.9+dfsg-2+deb8u6.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nRegards,\n\n- --\n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-11T14:27:34", "type": "debian", "title": "[SECURITY] [DLA 2244-1] libphp-phpmailer security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-11T14:27:34", "id": "DEBIAN:DLA-2244-1:B76E2", "href": "https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2020-07-21T19:46:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-02T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for php-PHPMailer (FEDORA-2020-06e87e71fe)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-07-06T00:00:00", "id": "OPENVAS:1361412562310878020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878020", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878020\");\n script_version(\"2020-07-06T06:27:18+0000\");\n script_cve_id(\"CVE-2020-13625\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-06 06:27:18 +0000 (Mon, 06 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-02 03:43:38 +0000 (Thu, 02 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for php-PHPMailer (FEDORA-2020-06e87e71fe)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-06e87e71fe\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-PHPMailer'\n package(s) announced via the FEDORA-2020-06e87e71fe advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Full Featured Email Transfer Class for PHP. PHPMailer features:\n\n * Supports emails digitally signed with S/MIME encryption!\n\n * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs\n\n * Works on any platform.\n\n * Supports Text & HTML emails.\n\n * Embedded image support.\n\n * Multipart/alternative emails for mail clients that do not read\n HTML email.\n\n * Flexible debugging.\n\n * Custom mail headers.\n\n * Redundant SMTP servers.\n\n * Support for 8bit, base64, binary, and quoted-printable encoding.\n\n * Word wrap.\n\n * Multiple fs, string, and binary attachments (those from database,\n string, etc).\n\n * SMTP authentication.\n\n * Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail,\n Imail, Exchange, etc.\n\n * Good documentation, many examples included in download.\n\n * It', s swift, small, and simple.\");\n\n script_tag(name:\"affected\", value:\"'php-PHPMailer' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php-PHPMailer\", rpm:\"php-PHPMailer~5.2.28~2.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-06-17T15:43:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-08T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for php-phpmailer6 (FEDORA-2020-d67df93aa6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562310877948", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877948", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877948\");\n script_version(\"2020-06-16T07:17:49+0000\");\n script_cve_id(\"CVE-2020-13625\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 07:17:49 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-08 03:33:42 +0000 (Mon, 08 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for php-phpmailer6 (FEDORA-2020-d67df93aa6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-d67df93aa6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXI4BTLWBPZVP46H7IX3JQ35E2DRAG43\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-phpmailer6'\n package(s) announced via the FEDORA-2020-d67df93aa6 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHPMailer - A full-featured email creation and transfer class for PHP\n\nClass Features\n\n * Probably the world', s most popular code for sending email from PHP!\n\n * Used by many open-source projects:\n WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more\n\n * Integrated SMTP support - send without a local mail server\n\n * Send emails with multiple To, CC, BCC and Reply-to addresses\n\n * Multipart/alternative emails for mail clients that do not read HTML email\n\n * Add attachments, including inline\n\n * Support for UTF-8 content and 8bit, base64, binary, and quoted-printable\n encodings\n\n * SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms\n over SSL and SMTP+STARTTLS transports\n\n * Validates email addresses automatically\n\n * Protect against header injection attacks\n\n * Error messages in 47 languages!\n\n * DKIM and S/MIME signing support\n\n * Compatible with PHP 5.5 and later\n\n * Namespaced to prevent name clashes\n\n * Much more!\n\n\nAutoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php\");\n\n script_tag(name:\"affected\", value:\"'php-phpmailer6' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php-phpmailer6\", rpm:\"php-phpmailer6~6.1.6~2.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-06-17T15:42:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-08T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for php-phpmailer6 (FEDORA-2020-6d2e1105f2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562310877949", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877949", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877949\");\n script_version(\"2020-06-16T07:17:49+0000\");\n script_cve_id(\"CVE-2020-13625\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 07:17:49 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-08 03:33:42 +0000 (Mon, 08 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for php-phpmailer6 (FEDORA-2020-6d2e1105f2)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-6d2e1105f2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBRDMEV3CB44CAAF5BOHFNV23JVRO6PZ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-phpmailer6'\n package(s) announced via the FEDORA-2020-6d2e1105f2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PHPMailer - A full-featured email creation and transfer class for PHP\n\nClass Features\n\n * Probably the world', s most popular code for sending email from PHP!\n\n * Used by many open-source projects:\n WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more\n\n * Integrated SMTP support - send without a local mail server\n\n * Send emails with multiple To, CC, BCC and Reply-to addresses\n\n * Multipart/alternative emails for mail clients that do not read HTML email\n\n * Add attachments, including inline\n\n * Support for UTF-8 content and 8bit, base64, binary, and quoted-printable\n encodings\n\n * SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms\n over SSL and SMTP+STARTTLS transports\n\n * Validates email addresses automatically\n\n * Protect against header injection attacks\n\n * Error messages in 47 languages!\n\n * DKIM and S/MIME signing support\n\n * Compatible with PHP 5.5 and later\n\n * Namespaced to prevent name clashes\n\n * Much more!\n\n\nAutoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php\");\n\n script_tag(name:\"affected\", value:\"'php-phpmailer6' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php-phpmailer6\", rpm:\"php-phpmailer6~6.1.6~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-21T19:49:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-02T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for php-PHPMailer (FEDORA-2020-0bbe6304e3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-07-06T00:00:00", "id": "OPENVAS:1361412562310878018", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878018", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878018\");\n script_version(\"2020-07-06T06:27:18+0000\");\n script_cve_id(\"CVE-2020-13625\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-06 06:27:18 +0000 (Mon, 06 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-02 03:42:37 +0000 (Thu, 02 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for php-PHPMailer (FEDORA-2020-0bbe6304e3)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-0bbe6304e3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-PHPMailer'\n package(s) announced via the FEDORA-2020-0bbe6304e3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Full Featured Email Transfer Class for PHP. PHPMailer features:\n\n * Supports emails digitally signed with S/MIME encryption!\n\n * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs\n\n * Works on any platform.\n\n * Supports Text & HTML emails.\n\n * Embedded image support.\n\n * Multipart/alternative emails for mail clients that do not read\n HTML email.\n\n * Flexible debugging.\n\n * Custom mail headers.\n\n * Redundant SMTP servers.\n\n * Support for 8bit, base64, binary, and quoted-printable encoding.\n\n * Word wrap.\n\n * Multiple fs, string, and binary attachments (those from database,\n string, etc).\n\n * SMTP authentication.\n\n * Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail,\n Imail, Exchange, etc.\n\n * Good documentation, many examples included in download.\n\n * It', s swift, small, and simple.\");\n\n script_tag(name:\"affected\", value:\"'php-PHPMailer' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php-PHPMailer\", rpm:\"php-PHPMailer~5.2.28~2.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-06-16T15:55:19", "description": "PHPMailer contains an output escaping bug when the name of a file attachment\n contains a double quote character. This can result in the file type being misinterpreted by the receiver or\n any mail relay processing the message.", "cvss3": {}, "published": "2020-06-15T00:00:00", "type": "openvas", "title": "PHPMailer < 6.1.6 Output Escaping Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-15T00:00:00", "id": "OPENVAS:1361412562310144109", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310144109", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:phpmailer_project:phpmailer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.144109\");\n script_version(\"2020-06-15T08:51:47+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-15 08:51:47 +0000 (Mon, 15 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-15 08:43:45 +0000 (Mon, 15 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2020-13625\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_name(\"PHPMailer < 6.1.6 Output Escaping Vulnerability\");\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_phpmailer_detect.nasl\");\n script_mandatory_keys(\"phpmailer/detected\");\n\n script_tag(name:\"summary\", value:\"PHPMailer contains an output escaping bug when the name of a file attachment\n contains a double quote character. This can result in the file type being misinterpreted by the receiver or\n any mail relay processing the message.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"PHPMailer versions prior to 6.1.6.\");\n\n script_tag(name:\"solution\", value:\"Update to version 6.1.6 or later.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_is_less(version: version, test_version: \"6.1.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.1.6\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-06-16T15:58:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libphp-phpmailer (DLA-2244-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-12T00:00:00", "id": "OPENVAS:1361412562310892244", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892244", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892244\");\n script_version(\"2020-06-12T03:00:07+0000\");\n script_cve_id(\"CVE-2020-13625\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-12 03:00:07 +0000 (Fri, 12 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-12 03:00:07 +0000 (Fri, 12 Jun 2020)\");\n script_name(\"Debian LTS: Security Advisory for libphp-phpmailer (DLA-2244-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2244-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libphp-phpmailer'\n package(s) announced via the DLA-2244-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that there was an escaping issue in\nlibphp-phpmailer, an email generation utility class for the PHP\nprogramming language.\n\nThe `Content-Type` and `Content-Disposition` headers could have\npermitted file attachments that bypassed attachment filters which\nmatch on filename extensions. For more information, please see the\nfollowing URL:\");\n\n script_tag(name:\"affected\", value:\"'libphp-phpmailer' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this issue has been fixed in libphp-phpmailer version\n5.2.9+dfsg-2+deb8u6.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libphp-phpmailer\", ver:\"5.2.9+dfsg-2+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-12-16T13:54:40", "description": "Fix CVE-2020-13625 vulnerability.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "Fedora 31 : php-PHPMailer (2020-0bbe6304e3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-07-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-PHPMailer", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-0BBE6304E3.NASL", "href": "https://www.tenable.com/plugins/nessus/137923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-0bbe6304e3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137923);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/06\");\n\n script_cve_id(\"CVE-2020-13625\");\n script_xref(name:\"FEDORA\", value:\"2020-0bbe6304e3\");\n\n script_name(english:\"Fedora 31 : php-PHPMailer (2020-0bbe6304e3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Fix CVE-2020-13625 vulnerability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-0bbe6304e3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected php-PHPMailer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-PHPMailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"php-PHPMailer-5.2.28-2.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-PHPMailer\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-16T13:52:40", "description": "Fix CVE-2020-13625 vulnerability.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "Fedora 32 : php-PHPMailer (2020-06e87e71fe)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-07-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-PHPMailer", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-06E87E71FE.NASL", "href": "https://www.tenable.com/plugins/nessus/137922", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-06e87e71fe.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137922);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/06\");\n\n script_cve_id(\"CVE-2020-13625\");\n script_xref(name:\"FEDORA\", value:\"2020-06e87e71fe\");\n\n script_name(english:\"Fedora 32 : php-PHPMailer (2020-06e87e71fe)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Fix CVE-2020-13625 vulnerability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-06e87e71fe\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected php-PHPMailer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-PHPMailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"php-PHPMailer-5.2.28-2.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-PHPMailer\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-16T13:51:30", "description": "This is a security release, with some other minor changes. For full details, refer to the [advisory](https://github.com/PHPMailer/PHPMailer/security/advisories/ GHSA-f7hx-fqxw-rvvj).\n\n - **SECURITY** Fix insufficient output escaping bug in file attachment names. **CVE-2020-13625**. Reported by Elar Lang of Clarified Security.\n\n - Correct Armenian ISO language code from am to hy, add mapping for fallback\n\n - Use correct timeout property in debug output\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-06-08T00:00:00", "type": "nessus", "title": "Fedora 32 : php-phpmailer6 (2020-d67df93aa6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-phpmailer6", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-D67DF93AA6.NASL", "href": "https://www.tenable.com/plugins/nessus/137213", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-d67df93aa6.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137213);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2020-13625\");\n script_xref(name:\"FEDORA\", value:\"2020-d67df93aa6\");\n\n script_name(english:\"Fedora 32 : php-phpmailer6 (2020-d67df93aa6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This is a security release, with some other minor changes. For full\ndetails, refer to the\n[advisory](https://github.com/PHPMailer/PHPMailer/security/advisories/\nGHSA-f7hx-fqxw-rvvj).\n\n - **SECURITY** Fix insufficient output escaping bug in\n file attachment names. **CVE-2020-13625**. Reported by\n Elar Lang of Clarified Security.\n\n - Correct Armenian ISO language code from am to hy, add\n mapping for fallback\n\n - Use correct timeout property in debug output\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-d67df93aa6\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected php-phpmailer6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-phpmailer6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"php-phpmailer6-6.1.6-2.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-phpmailer6\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-05T11:50:39", "description": "The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4505-1 advisory.\n\n - PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. (CVE-2020-13625)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-09-17T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : PHPMailer vulnerability (USN-4505-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-11-24T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libphp-phpmailer"], "id": "UBUNTU_USN-4505-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140639", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4505-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140639);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\"CVE-2020-13625\");\n script_xref(name:\"USN\", value:\"4505-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : PHPMailer vulnerability (USN-4505-1)\");\n script_summary(english:\"Checks the dpkg output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the\nUSN-4505-1 advisory.\n\n - PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a\n double quote character. This can result in the file type being misinterpreted by the receiver or any mail\n relay processing the message. (CVE-2020-13625)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4505-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libphp-phpmailer package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13625\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libphp-phpmailer\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'libphp-phpmailer', 'pkgver': '5.2.14+dfsg-2.3+deb9u2build0.18.04.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libphp-phpmailer');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-16T13:46:48", "description": "It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language.\n\nThe `Content-Type` and `Content-Disposition` headers could have permitted file attachments that bypassed attachment filters which match on filename extensions.\n\nFor Debian 9 stretch, this problem has been fixed in version 5.2.14+dfsg-2.3+deb9u2.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\n\nFor the detailed security status of libphp-phpmailer please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/libphp-phpmailer\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-08-03T00:00:00", "type": "nessus", "title": "Debian DLA-2306-1 : libphp-phpmailer security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-08-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libphp-phpmailer", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2306.NASL", "href": "https://www.tenable.com/plugins/nessus/139249", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2306-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139249);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/06\");\n\n script_cve_id(\"CVE-2020-13625\");\n\n script_name(english:\"Debian DLA-2306-1 : libphp-phpmailer security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that there was an escaping issue in\nlibphp-phpmailer, an email generation utility class for the PHP\nprogramming language.\n\nThe `Content-Type` and `Content-Disposition` headers could have\npermitted file attachments that bypassed attachment filters which\nmatch on filename extensions.\n\nFor Debian 9 stretch, this problem has been fixed in version\n5.2.14+dfsg-2.3+deb9u2.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\n\nFor the detailed security status of libphp-phpmailer please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libphp-phpmailer\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libphp-phpmailer\"\n );\n # https://security-tracker.debian.org/tracker/source-package/libphp-phpmailer\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d0c8b2f0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected libphp-phpmailer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp-phpmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libphp-phpmailer\", reference:\"5.2.14+dfsg-2.3+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-16T13:51:31", "description": "It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language.\n\nThe `Content-Type` and `Content-Disposition` headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. For more information, please see the following URL :\n\nhttps://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-f qxw-rvvj\n\nFor Debian 8 'Jessie', this issue has been fixed in libphp-phpmailer version 5.2.9+dfsg-2+deb8u6.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-06-12T00:00:00", "type": "nessus", "title": "Debian DLA-2244-1 : libphp-phpmailer security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libphp-phpmailer", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2244.NASL", "href": "https://www.tenable.com/plugins/nessus/137371", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2244-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137371);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-13625\");\n\n script_name(english:\"Debian DLA-2244-1 : libphp-phpmailer security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that there was an escaping issue in\nlibphp-phpmailer, an email generation utility class for the PHP\nprogramming language.\n\nThe `Content-Type` and `Content-Disposition` headers could have\npermitted file attachments that bypassed attachment filters which\nmatch on filename extensions. For more information, please see the\nfollowing URL :\n\nhttps://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-f\nqxw-rvvj\n\nFor Debian 8 'Jessie', this issue has been fixed in libphp-phpmailer\nversion 5.2.9+dfsg-2+deb8u6.\n\nWe recommend that you upgrade your libphp-phpmailer packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n # https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?735e2c3e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libphp-phpmailer\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected libphp-phpmailer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libphp-phpmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libphp-phpmailer\", reference:\"5.2.9+dfsg-2+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-16T13:54:39", "description": "This is a security release, with some other minor changes. For full details, refer to the [advisory](https://github.com/PHPMailer/PHPMailer/security/advisories/ GHSA-f7hx-fqxw-rvvj).\n\n - **SECURITY** Fix insufficient output escaping bug in file attachment names. **CVE-2020-13625**. Reported by Elar Lang of Clarified Security.\n\n - Correct Armenian ISO language code from am to hy, add mapping for fallback\n\n - Use correct timeout property in debug output\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-06-08T00:00:00", "type": "nessus", "title": "Fedora 31 : php-phpmailer6 (2020-6d2e1105f2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-phpmailer6", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-6D2E1105F2.NASL", "href": "https://www.tenable.com/plugins/nessus/137212", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-6d2e1105f2.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137212);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2020-13625\");\n script_xref(name:\"FEDORA\", value:\"2020-6d2e1105f2\");\n\n script_name(english:\"Fedora 31 : php-phpmailer6 (2020-6d2e1105f2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This is a security release, with some other minor changes. For full\ndetails, refer to the\n[advisory](https://github.com/PHPMailer/PHPMailer/security/advisories/\nGHSA-f7hx-fqxw-rvvj).\n\n - **SECURITY** Fix insufficient output escaping bug in\n file attachment names. **CVE-2020-13625**. Reported by\n Elar Lang of Clarified Security.\n\n - Correct Armenian ISO language code from am to hy, add\n mapping for fallback\n\n - Use correct timeout property in debug output\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-6d2e1105f2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected php-phpmailer6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-phpmailer6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"php-phpmailer6-6.1.6-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-phpmailer6\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-16T15:39:03", "description": "Cacti developers reports :\n\nMultiple fixes for bundled jQuery to prevent code exec (CVE-2020-11022, CVE-2020-11023).\n\nPHPMail contains a escaping bug (CVE-2020-13625).\n\nSQL Injection via color.php in Cacti (CVE-2020-14295).", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "FreeBSD : Cacti -- multiple vulnerabilities (cd2dc126-cfe4-11ea-9172-4c72b94353b5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13625", "CVE-2020-14295"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:cacti", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CD2DC126CFE411EA91724C72B94353B5.NASL", "href": "https://www.tenable.com/plugins/nessus/139112", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139112);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-11022\",\n \"CVE-2020-11023\",\n \"CVE-2020-13625\",\n \"CVE-2020-14295\"\n );\n\n script_name(english:\"FreeBSD : Cacti -- multiple vulnerabilities (cd2dc126-cfe4-11ea-9172-4c72b94353b5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Cacti developers reports :\n\nMultiple fixes for bundled jQuery to prevent code exec\n(CVE-2020-11022, CVE-2020-11023).\n\nPHPMail contains a escaping bug (CVE-2020-13625).\n\nSQL Injection via color.php in Cacti (CVE-2020-14295).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cacti.net/release_notes.php?version=1.2.13\");\n # https://vuxml.freebsd.org/freebsd/cd2dc126-cfe4-11ea-9172-4c72b94353b5.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?785abf15\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14295\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13625\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Cacti color filter authenticated SQLi to RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"cacti<1.2.13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T15:38:36", "description": "This update for cacti, cacti-spine fixes the following issues :\n\n - cacti 1.2.13 :\n\n - Query XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)\n\n - Lack of escaping on some pages can lead to XSS exposure\n\n - Update PHPMailer to 6.1.6 (CVE-2020-13625)\n\n - SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295, boo#1173090)\n\n - Lack of escaping on template import can lead to XSS exposure\n\n - switch from cron to systemd timers (boo#1115436) :\n\n + cacti-cron.timer\n\n + cacti-cron.service\n\n - avoid potential root escalation on systems with fs.protected_hardlinks=0 (boo#1154087): handle directory permissions in file section instead of using chown during post installation\n\n - rewrote apache configuration to get rid of .htaccess files and explicitely disable directory permissions per default (only allow a limited, well-known set of directories)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : cacti / cacti-spine (openSUSE-2020-1060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13625", "CVE-2020-14295"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cacti", "p-cpe:/a:novell:opensuse:cacti-spine", "p-cpe:/a:novell:opensuse:cacti-spine-debuginfo", "p-cpe:/a:novell:opensuse:cacti-spine-debugsource", "cpe:/o:novell:opensuse:15.1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1060.NASL", "href": "https://www.tenable.com/plugins/nessus/138985", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1060.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138985);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-11022\", \"CVE-2020-11023\", \"CVE-2020-13625\", \"CVE-2020-14295\");\n\n script_name(english:\"openSUSE Security Update : cacti / cacti-spine (openSUSE-2020-1060)\");\n script_summary(english:\"Check for the openSUSE-2020-1060 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for cacti, cacti-spine fixes the following issues :\n\n - cacti 1.2.13 :\n\n - Query XSS vulnerabilities require vendor package update\n (CVE-2020-11022 / CVE-2020-11023)\n\n - Lack of escaping on some pages can lead to XSS exposure\n\n - Update PHPMailer to 6.1.6 (CVE-2020-13625)\n\n - SQL Injection vulnerability due to input validation\n failure when editing colors (CVE-2020-14295,\n boo#1173090)\n\n - Lack of escaping on template import can lead to XSS\n exposure\n\n - switch from cron to systemd timers (boo#1115436) :\n\n + cacti-cron.timer\n\n + cacti-cron.service\n\n - avoid potential root escalation on systems with\n fs.protected_hardlinks=0 (boo#1154087): handle directory\n permissions in file section instead of using chown\n during post installation\n\n - rewrote apache configuration to get rid of .htaccess\n files and explicitely disable directory permissions per\n default (only allow a limited, well-known set of\n directories)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173090\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected cacti / cacti-spine packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14295\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Cacti color filter authenticated SQLi to RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cacti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cacti-spine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cacti-spine-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cacti-spine-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1|SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1 / 15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"cacti-1.2.13-lp151.3.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"cacti-spine-1.2.13-lp151.3.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"cacti-spine-debuginfo-1.2.13-lp151.3.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"cacti-spine-debugsource-1.2.13-lp151.3.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cacti-1.2.13-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cacti-spine-1.2.13-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cacti-spine-debuginfo-1.2.13-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cacti-spine-debugsource-1.2.13-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cacti-spine / cacti-spine-debuginfo / cacti-spine-debugsource / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:49:58", "description": "PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-08T17:15:00", "type": "debiancve", "title": "CVE-2020-13625", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-08T17:15:00", "id": "DEBIANCVE:CVE-2020-13625", "href": "https://security-tracker.debian.org/tracker/CVE-2020-13625", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2022-01-04T11:14:13", "description": "Elar Lang discovered that PHPMailer did not properly escape double quote \ncharacters in filenames. A remote attacker could possibly exploit this \nwith a crafted filename to bypass attachment filters that are based on \nmatching filename extensions. (CVE-2020-13625)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-09-16T00:00:00", "type": "ubuntu", "title": "PHPMailer vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-09-16T00:00:00", "id": "USN-4505-1", "href": "https://ubuntu.com/security/notices/USN-4505-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "PHPMailer - A full-featured email creation and transfer class for PHP Class Features * Probably the world's most popular code for sending email from PHP! * Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more * Integrated SMTP support - send without a local mail server * Send emails with multiple To, CC, BCC and Reply-to addresses * Multipart/alternative emails for mail clients that do not read HTML email * Add attachments, including inline * Support for UTF-8 content and 8bit, base64, binary, and quoted-printable encodings * SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports * Validates email addresses automatically * Protect against header injection attacks * Error messages in 47 languages! * DKIM and S/MIME signing support * Compatible with PHP 5.5 and later * Namespaced to prevent name clashes * Much more! Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-07T19:47:31", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: php-phpmailer6-6.1.6-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-07T19:47:31", "id": "FEDORA:C88CD60879AD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OBRDMEV3CB44CAAF5BOHFNV23JVRO6PZ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "PHPMailer - A full-featured email creation and transfer class for PHP Class Features * Probably the world's most popular code for sending email from PHP! * Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more * Integrated SMTP support - send without a local mail server * Send emails with multiple To, CC, BCC and Reply-to addresses * Multipart/alternative emails for mail clients that do not read HTML email * Add attachments, including inline * Support for UTF-8 content and 8bit, base64, binary, and quoted-printable encodings * SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports * Validates email addresses automatically * Protect against header injection attacks * Error messages in 47 languages! * DKIM and S/MIME signing support * Compatible with PHP 5.5 and later * Namespaced to prevent name clashes * Much more! Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-07T19:49:11", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: php-phpmailer6-6.1.6-2.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-07T19:49:11", "id": "FEDORA:571D76087BAA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WXI4BTLWBPZVP46H7IX3JQ35E2DRAG43/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Full Featured Email Transfer Class for PHP. PHPMailer features: * Supports emails digitally signed with S/MIME encryption! * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs * Works on any platform. * Supports Text & HTML emails. * Embedded image support. * Multipart/alternative emails for mail clients that do not read HTML email. * Flexible debugging. * Custom mail headers. * Redundant SMTP servers. * Support for 8bit, base64, binary, and quoted-printable encoding. * Word wrap. * Multiple fs, string, and binary attachments (those from database, string, etc). * SMTP authentication. * Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail, Imail, Exchange, etc. * Good documentation, many examples included in download. * It's swift, small, and simple. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-01T01:51:24", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: php-PHPMailer-5.2.28-2.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-07-01T01:51:24", "id": "FEDORA:AA57E30B5E2B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T18:41:39", "description": "Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-23T01:06:59", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: cacti-1.2.13-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13625", "CVE-2020-14295"], "modified": "2020-07-23T01:06:59", "id": "FEDORA:DC7DF3111B2E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZKM5G3YNSZDHDZMPCMAHG5B5M2V4XYSE/", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T18:41:39", "description": "Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-23T01:17:57", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: cacti-1.2.13-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13625", "CVE-2020-14295"], "modified": "2020-07-23T01:17:57", "id": "FEDORA:86D5D3097097", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AWL3QVHFFVSE2E3LHJUYJ2UFSLUHP56W/", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-05-11T21:46:33", "description": "### Impact\nCWE-116: Incorrect output escaping.\n\nAn attachment added like this (note the double quote within the attachment name, which is entirely valid):\n\n $mail->addAttachment('/tmp/attachment.tmp', 'filename.html\";.jpg');\n\nWill result in a message containing these headers:\n\n Content-Type: application/octet-stream; name=\"filename.html\";.jpg\"\n Content-Disposition: attachment; filename=\"filename.html\";.jpg\"\n\nThe attachment will be named `filename.html`, and the trailing `\";.jpg\"` will be ignored. Mail filters that reject `.html` attachments but permit `.jpg` attachments may be fooled by this.\n\nNote that the MIME type itself is obtained automatically from the *source filename* (in this case `attachment.tmp`, which maps to a generic `application/octet-stream` type), and not the *name* given to the attachment (though these are the same if a separate name is not provided), though it can be set explicitly in other parameters to attachment methods.\n\n### Patches\nPatched in PHPMailer 6.1.6 by escaping double quotes within the name using a backslash, as per RFC822 section 3.4.1, resulting in correctly escaped headers like this:\n\n Content-Type: application/octet-stream; name=\"filename.html\\\";.jpg\"\n Content-Disposition: attachment; filename=\"filename.html\\\";.jpg\"\n\n### Workarounds\nReject or filter names and filenames containing double quote (`\"`) characters before passing them to attachment functions such as `addAttachment()`.\n\n### References\n[CVE-2020-13625](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13625).\n[PHPMailer 6.1.6 release](https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the PHPMailer repo](https://github.com/PHPMailer/PHPMailer/issues)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-27T16:37:02", "type": "osv", "title": "Insufficient output escaping of attachment names in PHPMailer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2021-08-25T21:37:23", "id": "OSV:GHSA-F7HX-FQXW-RVVJ", "href": "https://osv.dev/vulnerability/GHSA-f7hx-fqxw-rvvj", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:53:23", "description": "PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-08T17:15:00", "type": "cve", "title": "CVE-2020-13625", "cwe": ["CWE-116"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-09-17T20:15:00", "cpe": [], "id": "CVE-2020-13625", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13625", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Fix insufficient output escaping bug in file attachment names (CVE-2020-13625). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-01T09:25:19", "type": "mageia", "title": "Updated php-phpmailer packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-08-01T09:25:19", "id": "MGASA-2020-0313", "href": "https://advisories.mageia.org/MGASA-2020-0313.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:26:11", "description": "PHPMailer before 6.1.6 contains an output escaping bug when the name of a\nfile attachment contains a double quote character. This can result in the\nfile type being misinterpreted by the receiver or any mail relay processing\nthe message.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-08T00:00:00", "type": "ubuntucve", "title": "CVE-2020-13625", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2020-06-08T00:00:00", "id": "UB:CVE-2020-13625", "href": "https://ubuntu.com/security/CVE-2020-13625", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "github": [{"lastseen": "2021-12-22T11:54:31", "description": "### Impact\nCWE-116: Incorrect output escaping.\n\nAn attachment added like this (note the double quote within the attachment name, which is entirely valid):\n\n $mail->addAttachment('/tmp/attachment.tmp', 'filename.html\";.jpg');\n\nWill result in a message containing these headers:\n\n Content-Type: application/octet-stream; name=\"filename.html\";.jpg\"\n Content-Disposition: attachment; filename=\"filename.html\";.jpg\"\n\nThe attachment will be named `filename.html`, and the trailing `\";.jpg\"` will be ignored. Mail filters that reject `.html` attachments but permit `.jpg` attachments may be fooled by this.\n\nNote that the MIME type itself is obtained automatically from the *source filename* (in this case `attachment.tmp`, which maps to a generic `application/octet-stream` type), and not the *name* given to the attachment (though these are the same if a separate name is not provided), though it can be set explicitly in other parameters to attachment methods.\n\n### Patches\nPatched in PHPMailer 6.1.6 by escaping double quotes within the name using a backslash, as per RFC822 section 3.4.1, resulting in correctly escaped headers like this:\n\n Content-Type: application/octet-stream; name=\"filename.html\\\";.jpg\"\n Content-Disposition: attachment; filename=\"filename.html\\\";.jpg\"\n\n### Workarounds\nReject or filter names and filenames containing double quote (`\"`) characters before passing them to attachment functions such as `addAttachment()`.\n\n### References\n[CVE-2020-13625](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13625).\n[PHPMailer 6.1.6 release](https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [the PHPMailer repo](https://github.com/PHPMailer/PHPMailer/issues)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-05-27T16:37:02", "type": "github", "title": "Insufficient output escaping of attachment names in PHPMailer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13625"], "modified": "2021-08-25T21:37:24", "id": "GHSA-F7HX-FQXW-RVVJ", "href": "https://github.com/advisories/GHSA-f7hx-fqxw-rvvj", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2022-06-23T18:00:51", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for cacti, cacti-spine fixes the following issues:\n\n - cacti 1.2.13:\n\n * Query XSS vulnerabilities require vendor package update\n (CVE-2020-11022 / CVE-2020-11023)\n * Lack of escaping on some pages can lead to XSS exposure\n * Update PHPMailer to 6.1.6 (CVE-2020-13625)\n * SQL Injection vulnerability due to input validation failure when\n editing colors (CVE-2020-14295, boo#1173090)\n * Lack of escaping on template import can lead to XSS exposure\n\n - switch from cron to systemd timers (boo#1115436):\n + cacti-cron.timer\n + cacti-cron.service\n - avoid potential root escalation on systems with fs.protected_hardlinks=0\n (boo#1154087): handle directory permissions in file section instead\n of using chown during post installation\n - rewrote apache configuration to get rid of .htaccess files and\n explicitely disable directory permissions per default (only allow a\n limited, well-known set of directories)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1060=1\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1060=1\n\n - SUSE Package Hub for SUSE Linux Enterprise 12:\n\n zypper in -t patch openSUSE-2020-1060=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-25T00:00:00", "type": "suse", "title": "Security update for cacti, cacti-spine (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13625", "CVE-2020-14295"], "modified": "2020-07-25T00:00:00", "id": "OPENSUSE-SU-2020:1060-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G3R45WU45QPEDTC4IP26RUNI25H75TI7/", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T15:22:04", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for cacti, cacti-spine fixes the following issues:\n\n - cacti 1.2.13:\n\n * Query XSS vulnerabilities require vendor package update\n (CVE-2020-11022 / CVE-2020-11023)\n * Lack of escaping on some pages can lead to XSS exposure\n * Update PHPMailer to 6.1.6 (CVE-2020-13625)\n * SQL Injection vulnerability due to input validation failure when\n editing colors (CVE-2020-14295, boo#1173090)\n * Lack of escaping on template import can lead to XSS exposure\n\n - switch from cron to systemd timers (boo#1115436):\n + cacti-cron.timer\n + cacti-cron.service\n - avoid potential root escalation on systems with fs.protected_hardlinks=0\n (boo#1154087): handle directory permissions in file section instead\n of using chown during post installation\n - rewrote apache configuration to get rid of .htaccess files and\n explicitely disable directory permissions per default (only allow a\n limited, well-known set of directories)\n\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-1106=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-28T00:00:00", "type": "suse", "title": "Security update for cacti, cacti-spine (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13625", "CVE-2020-14295"], "modified": "2020-07-28T00:00:00", "id": "OPENSUSE-SU-2020:1106-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4IXKYESUUIOBHBKL32YKWOWHSJKS7RN3/", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nCacti developers reports:\n\nMultiple fixes for bundled jQuery to prevent\n\t code exec (CVE-2020-11022, CVE-2020-11023).\nPHPMail contains a escaping bug\n\t (CVE-2020-13625).\nSQL Injection via color.php in Cacti\n\t (CVE-2020-14295).\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-15T00:00:00", "type": "freebsd", "title": "Cacti -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13625", "CVE-2020-14295"], "modified": "2020-07-15T00:00:00", "id": "CD2DC126-CFE4-11EA-9172-4C72B94353B5", "href": "https://vuxml.freebsd.org/freebsd/cd2dc126-cfe4-11ea-9172-4c72b94353b5.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}