Lucene search

GoogleOSV:GHSA-8JC3-5P29-QGJX

HistoryFeb 02, 2024 - 8:43 p.m.

PHPMailer Local file inclusion

2024-02-0220:43:57

Google

osv.dev

arbitrary file inclusion

remote exploit

phpmailer 5.2.0

user data validation

6 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

Impact

Arbitrary local file inclusion via the $lang property, remotely exploitable if host application passes unfiltered user data into that property. The 3 CVEs listed are applications that used PHPMailer that were vulnerable to this problem.

Patches

It’s not known exactly when this was fixed in the host applications, but it was fixed in PHPMailer 5.2.0.

Workarounds

Filter and validate user-supplied data before use.

References

https://nvd.nist.gov/vuln/detail/CVE-2006-5734
https://nvd.nist.gov/vuln/detail/CVE-2007-3215
https://nvd.nist.gov/vuln/detail/CVE-2007-2021
Example exploit: https://www.exploit-db.com/exploits/14893

For more information

If you have any questions or comments about this advisory:

Open a private issue in the PHPMailer project

References

github.com/PHPMailer/PHPMailer

github.com/PHPMailer/PHPMailer/security/advisories/GHSA-8jc3-5p29-qgjx

6 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

Related for OSV:GHSA-8JC3-5P29-QGJX