Known Vulnerabilities for products from Phpmailer Project
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Phpmailer Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-34551 json | PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | 8.1 - HIGH | 2021-06-16 | 2023-11-07 |
| CVE-2021-3603 json | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected ... | 8.1 - HIGH | 2021-06-17 | 2023-11-07 |
| CVE-2020-36326 json | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOT... | 9.8 - CRITICAL | 2021-04-28 | 2023-11-07 |
| CVE-2020-13625 json | PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. ... | 7.5 - HIGH | 2020-06-08 | 2023-11-07 |
| CVE-2018-19296 json | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | 8.8 - HIGH | 2018-11-16 | 2023-11-07 |
| CVE-2017-11503 json | PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. | 6.1 - MEDIUM | 2017-07-20 | 2019-05-03 |
| CVE-2017-5223 json | An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to... | 5.5 - MEDIUM | 2017-01-16 | 2017-10-28 |
| CVE-2016-10045 json | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and... | 9.8 - CRITICAL | 2016-12-30 | 2021-09-30 |
| CVE-2016-10033 json | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameter... | Not Provided | 2016-12-30 | 2026-04-21 |
| CVE-2015-8476 json | Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF... | 5 - MEDIUM | 2015-12-16 | 2016-12-06 |
Known software with vulnerabilities from Phpmailer Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Phpmailer Project | Phpmailer | 2.0.3 |