Known Vulnerabilities for Phpmailer by Phpmailer Project
Listed below are 10 of the newest known vulnerabilities associated with "Phpmailer" by "Phpmailer Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-34551 json | PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | 8.1 - HIGH | 2021-06-16 | 2023-11-07 |
| CVE-2021-3603 json | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected ... | 8.1 - HIGH | 2021-06-17 | 2023-11-07 |
| CVE-2020-36326 json | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOT... | 9.8 - CRITICAL | 2021-04-28 | 2023-11-07 |
| CVE-2020-13625 json | PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. ... | 7.5 - HIGH | 2020-06-08 | 2023-11-07 |
| CVE-2018-19296 json | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | 8.8 - HIGH | 2018-11-16 | 2023-11-07 |
| CVE-2017-11503 json | PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. | 6.1 - MEDIUM | 2017-07-20 | 2019-05-03 |
| CVE-2017-5223 json | An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to... | 5.5 - MEDIUM | 2017-01-16 | 2017-10-28 |
| CVE-2016-10045 json | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and... | 9.8 - CRITICAL | 2016-12-30 | 2021-09-30 |
| CVE-2016-10033 json | Not Provided | 2016-12-30 | 2026-04-21 | |
| CVE-2015-8476 json | Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF... | 5 - MEDIUM | 2015-12-16 | 2016-12-06 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Phpmailer Project | Phpmailer | 6.1.6 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.7 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.6 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.5 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.4 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.3 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.2 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.1 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.0 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.0 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.0 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.0 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.0 | |||
| Application | Phpmailer Project | Phpmailer | 6.0.0 | |||
| Application | Phpmailer Project | Phpmailer | 5.2.9 | |||
| Application | Phpmailer Project | Phpmailer | 5.2.8 | |||
| Application | Phpmailer Project | Phpmailer | 5.2.7 | |||
| Application | Phpmailer Project | Phpmailer | 5.2.6 | |||
| Application | Phpmailer Project | Phpmailer | 5.2.5 | |||
| Application | Phpmailer Project | Phpmailer | 5.2.4 |