QID 997089
Date Published: 2024-02-05
QID 997089: PHP (Composer) Security Update for phpmailer/phpmailer (GHSA-8jc3-5p29-qgjx)
Arbitrary local file inclusion via the $lang property, remotely exploitable if host application passes unfiltered user data into that property. The 3 CVEs listed are applications that used PHPMailer that were vulnerable to this problem.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-8jc3-5p29-qgjx for updates and patch information.
Vendor References
- GHSA-8jc3-5p29-qgjx -
github.com/advisories/GHSA-8jc3-5p29-qgjx
CVEs related to QID 997089
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-8jc3-5p29-qgjx | phpmailer/phpmailer |
|