Search CVE reports
1 – 10 of 11 results
CVE-2021-3603
Medium prioritySome fixes available 2 of 5
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is...
1 affected package
libphp-phpmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-phpmailer | Not affected | Fixed | Fixed | Not affected | Not affected |
CVE-2020-36326
Medium priorityPHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC...
1 affected package
libphp-phpmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-phpmailer | — | Not affected | Not affected | Not affected | Not affected |
CVE-2020-13625
Medium prioritySome fixes available 3 of 4
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
1 affected package
libphp-phpmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-phpmailer | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2018-19296
Medium priorityPHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
1 affected package
libphp-phpmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-phpmailer | — | Not affected | Not affected | Fixed | Fixed |
CVE-2017-11503
Low prioritySome fixes available 2 of 5
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
1 affected package
libphp-phpmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-phpmailer | — | Not affected | Not affected | Fixed | Fixed |
CVE-2017-5223
Medium prioritySome fixes available 1 of 5
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs...
1 affected package
libphp-phpmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-phpmailer | — | Not affected | Not affected | Not affected | Fixed |
CVE-2016-10045
Medium prioritySome fixes available 1 of 3
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg...
1 affected package
libphp-phpmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-phpmailer | — | Not affected | Not affected | Not affected | Fixed |
CVE-2016-10034
Medium priorityThe setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail...
1 affected package
libphp-phpmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-phpmailer | — | — | — | — | Not affected |
CVE-2016-10033
Medium prioritySome fixes available 1 of 3
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a...
1 affected package
libphp-phpmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-phpmailer | — | Not affected | Not affected | Not affected | Fixed |
CVE-2015-8476
Medium prioritySome fixes available 3 of 4
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP...
1 affected package
libphp-phpmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-phpmailer | — | — | — | — | Not affected |