Search CVE reports


Toggle filters

1 – 10 of 11 results


CVE-2021-3603

Medium priority

Some fixes available 2 of 5

PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is...

1 affected package

libphp-phpmailer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libphp-phpmailer Not affected Fixed Fixed Not affected Not affected
Show less packages

CVE-2020-36326

Medium priority
Ignored

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC...

1 affected package

libphp-phpmailer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libphp-phpmailer Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-13625

Medium priority

Some fixes available 3 of 4

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.

1 affected package

libphp-phpmailer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libphp-phpmailer Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2018-19296

Medium priority
Fixed

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

1 affected package

libphp-phpmailer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libphp-phpmailer Not affected Not affected Fixed Fixed
Show less packages

CVE-2017-11503

Low priority

Some fixes available 2 of 5

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.

1 affected package

libphp-phpmailer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libphp-phpmailer Not affected Not affected Fixed Fixed
Show less packages

CVE-2017-5223

Medium priority

Some fixes available 1 of 5

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs...

1 affected package

libphp-phpmailer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libphp-phpmailer Not affected Not affected Not affected Fixed
Show less packages

CVE-2016-10045

Medium priority

Some fixes available 1 of 3

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg...

1 affected package

libphp-phpmailer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libphp-phpmailer Not affected Not affected Not affected Fixed
Show less packages

CVE-2016-10034

Medium priority
Not affected

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail...

1 affected package

libphp-phpmailer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libphp-phpmailer Not affected
Show less packages

CVE-2016-10033

Medium priority

Some fixes available 1 of 3

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a...

1 affected package

libphp-phpmailer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libphp-phpmailer Not affected Not affected Not affected Fixed
Show less packages

CVE-2015-8476

Medium priority

Some fixes available 3 of 4

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP...

1 affected package

libphp-phpmailer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libphp-phpmailer Not affected
Show less packages