Known Vulnerabilities for products from Phpmailer Project
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Phpmailer Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-34551 | PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | 8.1 - HIGH | 2021-06-16 | 2023-11-07 |
| CVE-2021-3603 | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected ... | 8.1 - HIGH | 2021-06-17 | 2023-11-07 |
| CVE-2020-36326 | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOT... | 9.8 - CRITICAL | 2021-04-28 | 2023-11-07 |
| CVE-2020-13625 | PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. ... | 7.5 - HIGH | 2020-06-08 | 2023-11-07 |
| CVE-2018-19296 | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | 8.8 - HIGH | 2018-11-16 | 2023-11-07 |
| CVE-2017-11503 | PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. | 6.1 - MEDIUM | 2017-07-20 | 2019-05-03 |
| CVE-2017-5223 | An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to... | 5.5 - MEDIUM | 2017-01-16 | 2017-10-28 |
| CVE-2016-10045 | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and... | 9.8 - CRITICAL | 2016-12-30 | 2021-09-30 |
| CVE-2016-10033 | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameter... | 9.8 - CRITICAL | 2016-12-30 | 2021-09-30 |
| CVE-2015-8476 | Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF... | 5 - MEDIUM | 2015-12-16 | 2016-12-06 |
Known software with vulnerabilities from Phpmailer Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Phpmailer Project | Phpmailer | 2.0.3 |