phpmailer project

Top products

The 10 most recently published vulnerabilities affecting phpmailer project.

• CVE-2021-3603Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer8.1Jun 17, 2021
• CVE-2021-34551PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.8.1Jun 16, 2021
• CVE-2020-36326PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a fu...9.8Apr 28, 2021
• CVE-2020-13625PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or...7.5Jun 8, 2020
• CVE-2018-19296PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.8.8Nov 16, 2018
• CVE-2017-11503PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.6.1Jul 20, 2017
• CVE-2017-5223An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is ...5.5Jan 16, 2017
• CVE-2016-10033The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (...KEV9.8Dec 30, 2016
• CVE-2016-10045The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction ...9.8Dec 30, 2016
• CVE-2015-8476Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in cl...5.0Dec 16, 2015