Local file disclosure in PHPMailer

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...

Local File Inclusion

PHPMailer is vulnerable to local file inclusion. The vulnerability is possible because user supplied relative image URLs are treated as / absolute local file paths and are directly passed to the msgHTML method...

UBUNTU-CVE-2017-5223

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...

PT-2017-16400 · Php +3 · Phpmailer +3

Name of the Vulnerable Software and Affected Versions: PHPMailer versions prior to 5.2.22 Description: An issue in PHPMailer's msgHTML method allows it to apply transformations to an HTML document, making it usable as an email message body. One transformation converts relative image URLs into...

Local File Disclosure

SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML without a $basedir will not import images with relative URLs, and relative...