Known Vulnerabilities for Phpmailer by Phpmailer Project
Listed below are 10 of the newest known vulnerabilities associated with "Phpmailer" by "Phpmailer Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-34551 | PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | 8.1 - HIGH | 2021-06-16 | 2023-11-07 |
| CVE-2021-3603 | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected ... | 8.1 - HIGH | 2021-06-17 | 2023-11-07 |
| CVE-2020-36326 | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOT... | 9.8 - CRITICAL | 2021-04-28 | 2023-11-07 |
| CVE-2020-13625 | PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. ... | 7.5 - HIGH | 2020-06-08 | 2023-11-07 |
| CVE-2018-19296 | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | 8.8 - HIGH | 2018-11-16 | 2023-11-07 |
| CVE-2017-11503 | PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. | 6.1 - MEDIUM | 2017-07-20 | 2019-05-03 |
| CVE-2017-5223 | An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to... | 5.5 - MEDIUM | 2017-01-16 | 2017-10-28 |
| CVE-2016-10045 | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and... | 9.8 - CRITICAL | 2016-12-30 | 2021-09-30 |
| CVE-2016-10033 | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameter... | 9.8 - CRITICAL | 2016-12-30 | 2021-09-30 |
| CVE-2015-8476 | Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF... | 5 - MEDIUM | 2015-12-16 | 2016-12-06 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Phpmailer Project | Phpmailer | 6.1.6 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.7 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.6 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.5 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.4 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.3 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.2 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.1 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.0 | - | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.0 | rc1 | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.0 | rc5 | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.0 | rc4 | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.0 | rc3 | All | All |
| Application | Phpmailer Project | Phpmailer | 6.0.0 | rc2 | All | All |
| Application | Phpmailer Project | Phpmailer | 5.2.9 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 5.2.8 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 5.2.7 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 5.2.6 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 5.2.5 | All | All | All |
| Application | Phpmailer Project | Phpmailer | 5.2.4 | All | All | All |