Exploit for Argument Injection in Phpmailer_Project Phpmailer

MediCare Portal Intentionally vulnerable healthcare patient...

GHSA-6H78-85V2-MMCH PHPMailer Shell command injection

PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Impact Shell command injection, remotely exploitable if host application does not filter user data...

GHSA-398J-F7M7-795J PHPMailer vulnerable to email header injection

Impact Arbitrary additional email headers can be injected via crafted From or Sender headers. Patches Fixed in 2.2.1 Workarounds Filter user-supplied values prior to using them in From or Sender properties. References https://nvd.nist.gov/vuln/detail/CVE-2012-0796 For more information If you have...

Cross-site scripting in PHPMailer

PHPMailer versions prior to 5.2.24 released July 26th 2017 have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it i...

GHSA-58MJ-PW57-4VM2 Cross-site scripting in PHPMailer

PHPMailer versions prior to 5.2.24 released July 26th 2017 have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it i...