Phpmailer@* Security Vulnerabilities and Issues — Phpmailer@* CVE List

Lucene search

Phpmailer ProjectPhpmailer*

5 matches found

CVE•added 2018/11/16 9:29 a.m.•701 views

CVE-2018-19296

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

8.8CVSS8.6AI score0.01204EPSS

CVE•added 2016/12/30 7:59 p.m.•546 views

CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property.

9.8CVSS9.8AI score0.94411EPSS

In wild

CVE•added 2016/12/30 7:59 p.m.•275 views

CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE:...

9.8CVSS10AI score0.94411EPSS

In wild

CVE•added 2020/06/08 5:15 p.m.•238 views

CVE-2020-13625

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.

7.5CVSS7.3AI score0.02624EPSS

CVE•added 2021/06/16 6:15 p.m.•101 views

CVE-2021-34551

PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.

8.1CVSS8.2AI score0.02108EPSS