Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/libphp-phpmailer@1.73-2
Typedeb
Namespacedebian
Namelibphp-phpmailer
Version1.73-2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.6.3-1
Latest_non_vulnerable_version6.6.3-1
Affected_by_vulnerabilities
0
url VCID-1a47-cc8v-xbdu
vulnerability_id VCID-1a47-cc8v-xbdu
summary 
Local File Disclosure
PHPMailer's `msgHTML` method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to `/`, meaning that relative image URLs get treated as absolute local file paths and added as attachments.
references
0
reference_url http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis
1
reference_url http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/
reference_id
reference_type
scores
url http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5223
reference_id
reference_type
scores
0
value 0.02922
scoring_system epss
scoring_elements 0.86667
published_at 2026-06-08T12:55:00Z
1
value 0.02922
scoring_system epss
scoring_elements 0.86659
published_at 2026-06-04T12:55:00Z
2
value 0.02922
scoring_system epss
scoring_elements 0.86682
published_at 2026-06-05T12:55:00Z
3
value 0.02922
scoring_system epss
scoring_elements 0.86681
published_at 2026-06-06T12:55:00Z
4
value 0.02922
scoring_system epss
scoring_elements 0.86677
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5223
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5223
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2017-5223.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2017-5223.yaml
6
reference_url https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
7
reference_url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.22
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.22
8
reference_url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-4x5h-cr29-fhp6
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-4x5h-cr29-fhp6
9
reference_url https://www.exploit-db.com/exploits/43056
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/43056
10
reference_url https://www.exploit-db.com/exploits/43056/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/43056/
11
reference_url http://www.securityfocus.com/bid/95328
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95328
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853232
reference_id 853232
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853232
13
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/43056.py
reference_id CVE-2017-5223
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/43056.py
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5223
reference_id CVE-2017-5223
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5223
15
reference_url https://github.com/advisories/GHSA-4x5h-cr29-fhp6
reference_id GHSA-4x5h-cr29-fhp6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4x5h-cr29-fhp6
16
reference_url https://usn.ubuntu.com/5956-1/
reference_id USN-5956-1
reference_type
scores
url https://usn.ubuntu.com/5956-1/
fixed_packages
0
url pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1
purl pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vfj-98ky-yffc
1
vulnerability VCID-3p76-2t3z-kycu
2
vulnerability VCID-c62f-8m1j-tkdu
3
vulnerability VCID-d2jv-nfmb-ckgx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.14%252Bdfsg-2.3%252Bdeb9u1
aliases CVE-2017-5223, GHSA-4x5h-cr29-fhp6
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1a47-cc8v-xbdu
1
url VCID-1vfj-98ky-yffc
vulnerability_id VCID-1vfj-98ky-yffc
summary 
XSS vulnerability in code example
The `code_generator.phps` example does not filter user input prior to output. This file is distributed with a `.phps` extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There's also an undisclosed potential XSS vulnerability in the default exception handler (unused by default).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11503
reference_id
reference_type
scores
0
value 0.0294
scoring_system epss
scoring_elements 0.86718
published_at 2026-06-06T12:55:00Z
1
value 0.0294
scoring_system epss
scoring_elements 0.86705
published_at 2026-06-08T12:55:00Z
2
value 0.0294
scoring_system epss
scoring_elements 0.86715
published_at 2026-06-07T12:55:00Z
3
value 0.0294
scoring_system epss
scoring_elements 0.86719
published_at 2026-06-05T12:55:00Z
4
value 0.0294
scoring_system epss
scoring_elements 0.86697
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11503
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11503
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11503
2
reference_url https://cxsecurity.com/issue/WLB-2017060181
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cxsecurity.com/issue/WLB-2017060181
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2017-11503.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2017-11503.yaml
4
reference_url https://github.com/PHPMailer/PHPMailer/commit/dbbc1397c41de56aa3a57c8188d19a345dea5c63
reference_id
reference_type
scores
url https://github.com/PHPMailer/PHPMailer/commit/dbbc1397c41de56aa3a57c8188d19a345dea5c63
5
reference_url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24
6
reference_url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-58mj-pw57-4vm2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-58mj-pw57-4vm2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-11503
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-11503
8
reference_url https://packetstormsecurity.com/files/143138/phpmailer-xss.txt
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packetstormsecurity.com/files/143138/phpmailer-xss.txt
9
reference_url http://www.securityfocus.com/bid/99293
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99293
10
reference_url http://www.securityfocus.com/bid/99293/
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99293/
11
reference_url http://www.securitytracker.com/id/1039026
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1039026
12
reference_url https://github.com/advisories/GHSA-58mj-pw57-4vm2
reference_id GHSA-58mj-pw57-4vm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-58mj-pw57-4vm2
13
reference_url https://usn.ubuntu.com/5956-1/
reference_id USN-5956-1
reference_type
scores
url https://usn.ubuntu.com/5956-1/
14
reference_url https://usn.ubuntu.com/5956-2/
reference_id USN-5956-2
reference_type
scores
url https://usn.ubuntu.com/5956-2/
fixed_packages
0
url pkg:deb/debian/libphp-phpmailer@6.0.6-0.1
purl pkg:deb/debian/libphp-phpmailer@6.0.6-0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c62f-8m1j-tkdu
1
vulnerability VCID-d2jv-nfmb-ckgx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.0.6-0.1
aliases CVE-2017-11503, GHSA-58mj-pw57-4vm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vfj-98ky-yffc
2
url VCID-3p76-2t3z-kycu
vulnerability_id VCID-3p76-2t3z-kycu
summary 
Object injection
PHPMailer is vulnerable to an object injection attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19296
reference_id
reference_type
scores
0
value 0.01475
scoring_system epss
scoring_elements 0.81292
published_at 2026-06-04T12:55:00Z
1
value 0.01475
scoring_system epss
scoring_elements 0.81317
published_at 2026-06-08T12:55:00Z
2
value 0.01475
scoring_system epss
scoring_elements 0.81323
published_at 2026-06-06T12:55:00Z
3
value 0.01475
scoring_system epss
scoring_elements 0.81321
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19296
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19296
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19296
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2018-19296.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2018-19296.yaml
3
reference_url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27
4
reference_url https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6
5
reference_url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-7w4p-72j7-v7c2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-7w4p-72j7-v7c2
6
reference_url https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/
15
reference_url https://www.debian.org/security/2018/dsa-4351
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4351
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913912
reference_id 913912
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913912
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19296
reference_id CVE-2018-19296
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19296
18
reference_url https://github.com/advisories/GHSA-7w4p-72j7-v7c2
reference_id GHSA-7w4p-72j7-v7c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7w4p-72j7-v7c2
19
reference_url https://usn.ubuntu.com/5956-1/
reference_id USN-5956-1
reference_type
scores
url https://usn.ubuntu.com/5956-1/
fixed_packages
0
url pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1
purl pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vfj-98ky-yffc
1
vulnerability VCID-3p76-2t3z-kycu
2
vulnerability VCID-c62f-8m1j-tkdu
3
vulnerability VCID-d2jv-nfmb-ckgx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.14%252Bdfsg-2.3%252Bdeb9u1
1
url pkg:deb/debian/libphp-phpmailer@6.0.6-0.1
purl pkg:deb/debian/libphp-phpmailer@6.0.6-0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c62f-8m1j-tkdu
1
vulnerability VCID-d2jv-nfmb-ckgx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.0.6-0.1
aliases CVE-2018-19296, GHSA-7w4p-72j7-v7c2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3p76-2t3z-kycu
3
url VCID-c62f-8m1j-tkdu
vulnerability_id VCID-c62f-8m1j-tkdu
summary 
Improper Encoding or Escaping of Output
PHPMailer contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13625
reference_id
reference_type
scores
0
value 0.04933
scoring_system epss
scoring_elements 0.89802
published_at 2026-06-04T12:55:00Z
1
value 0.04933
scoring_system epss
scoring_elements 0.89818
published_at 2026-06-08T12:55:00Z
2
value 0.04933
scoring_system epss
scoring_elements 0.8982
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13625
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625
4
reference_url https://github.com/PHPMailer/PHPMailer
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer
5
reference_url https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3
6
reference_url https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6
7
reference_url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
8
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html
9
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX/
14
reference_url https://usn.ubuntu.com/4505-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4505-1
15
reference_url https://usn.ubuntu.com/4505-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4505-1/
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962827
reference_id 962827
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962827
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13625
reference_id CVE-2020-13625
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13625
18
reference_url https://github.com/advisories/GHSA-f7hx-fqxw-rvvj
reference_id GHSA-f7hx-fqxw-rvvj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7hx-fqxw-rvvj
19
reference_url https://usn.ubuntu.com/5956-1/
reference_id USN-5956-1
reference_type
scores
url https://usn.ubuntu.com/5956-1/
fixed_packages
0
url pkg:deb/debian/libphp-phpmailer@6.2.0-2
purl pkg:deb/debian/libphp-phpmailer@6.2.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sukc-unjh-efca
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.2.0-2
aliases CVE-2020-13625, GHSA-f7hx-fqxw-rvvj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c62f-8m1j-tkdu
4
url VCID-cve1-e7gf-gyax
vulnerability_id VCID-cve1-e7gf-gyax
summary regression update
references
fixed_packages
0
url pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3
purl pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a47-cc8v-xbdu
1
vulnerability VCID-1vfj-98ky-yffc
2
vulnerability VCID-3p76-2t3z-kycu
3
vulnerability VCID-c62f-8m1j-tkdu
4
vulnerability VCID-d2jv-nfmb-ckgx
5
vulnerability VCID-svc3-522y-9uce
6
vulnerability VCID-t8sg-ebwy-9yaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.9%252Bdfsg-2%252Bdeb8u3
aliases DSA-3750-2 libphp-phpmailer
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cve1-e7gf-gyax
5
url VCID-d2jv-nfmb-ckgx
vulnerability_id VCID-d2jv-nfmb-ckgx
summary 
Deserialization of Untrusted Data
PHPMailer allows object injection through `Phar` deserialization via the `addAttachment` with a UNC pathname.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36326
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53929
published_at 2026-06-04T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.53959
published_at 2026-06-08T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.53982
published_at 2026-06-07T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.53994
published_at 2026-06-06T12:55:00Z
4
value 0.00304
scoring_system epss
scoring_elements 0.53986
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36326
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36326
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36326
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2020-36326.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2020-36326.yaml
3
reference_url https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9
4
reference_url https://github.com/PHPMailer/PHPMailer/releases/tag/v6.4.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/releases/tag/v6.4.1
5
reference_url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-m298-fh5c-jc66
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-m298-fh5c-jc66
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988732
reference_id 988732
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988732
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36326
reference_id CVE-2020-36326
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36326
12
reference_url https://github.com/advisories/GHSA-m298-fh5c-jc66
reference_id GHSA-m298-fh5c-jc66
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m298-fh5c-jc66
fixed_packages
0
url pkg:deb/debian/libphp-phpmailer@6.2.0-2
purl pkg:deb/debian/libphp-phpmailer@6.2.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sukc-unjh-efca
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.2.0-2
aliases CVE-2020-36326, GHSA-m298-fh5c-jc66
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d2jv-nfmb-ckgx
6
url VCID-jgpk-6myg-mkds
vulnerability_id VCID-jgpk-6myg-mkds
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2007-3215
reference_id
reference_type
scores
0
value 0.04403
scoring_system epss
scoring_elements 0.8919
published_at 2026-06-04T12:55:00Z
1
value 0.04403
scoring_system epss
scoring_elements 0.89207
published_at 2026-06-08T12:55:00Z
2
value 0.04403
scoring_system epss
scoring_elements 0.89206
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2007-3215
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215
2
reference_url https://cxsecurity.com/issue/WLB-2007060063
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cxsecurity.com/issue/WLB-2007060063
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/34818
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/34818
4
reference_url https://github.com/PHPMailer/PHPMailer
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer
5
reference_url https://seclists.org/fulldisclosure/2011/Oct/223
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/fulldisclosure/2011/Oct/223
6
reference_url https://sourceforge.net/p/phpmailer/bugs/192
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://sourceforge.net/p/phpmailer/bugs/192
7
reference_url https://sourceforge.net/p/phpmailer/bugs/192/
reference_id
reference_type
scores
url https://sourceforge.net/p/phpmailer/bugs/192/
8
reference_url https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution
9
reference_url https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
reference_id
reference_type
scores
url https://web.archive.org/web/20070714054359/http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
10
reference_url https://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429179
reference_id 429179
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429179
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429194
reference_id 429194
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429194
13
reference_url https://github.com/advisories/GHSA-6h78-85v2-mmch
reference_id GHSA-6h78-85v2-mmch
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6h78-85v2-mmch
14
reference_url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-6h78-85v2-mmch
reference_id GHSA-6h78-85v2-mmch
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-6h78-85v2-mmch
15
reference_url https://usn.ubuntu.com/791-1/
reference_id USN-791-1
reference_type
scores
url https://usn.ubuntu.com/791-1/
fixed_packages
0
url pkg:deb/debian/libphp-phpmailer@1.73-6
purl pkg:deb/debian/libphp-phpmailer@1.73-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a47-cc8v-xbdu
1
vulnerability VCID-1vfj-98ky-yffc
2
vulnerability VCID-3p76-2t3z-kycu
3
vulnerability VCID-c62f-8m1j-tkdu
4
vulnerability VCID-cve1-e7gf-gyax
5
vulnerability VCID-d2jv-nfmb-ckgx
6
vulnerability VCID-svc3-522y-9uce
7
vulnerability VCID-t8sg-ebwy-9yaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@1.73-6
aliases CVE-2007-3215, GHSA-6h78-85v2-mmch
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgpk-6myg-mkds
7
url VCID-svc3-522y-9uce
vulnerability_id VCID-svc3-522y-9uce
summary Multiple CRLF injection vulnerabilities allow attackers to inject arbitrary SMTP commands via CRLF sequences in an email address to the `validateAddress` function in `class.phpmailer.php` or SMTP command to the `sendCommand` function in `class.smtp.php`.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8476
reference_id
reference_type
scores
0
value 0.00948
scoring_system epss
scoring_elements 0.76702
published_at 2026-06-04T12:55:00Z
1
value 0.00948
scoring_system epss
scoring_elements 0.76715
published_at 2026-06-08T12:55:00Z
2
value 0.00948
scoring_system epss
scoring_elements 0.76726
published_at 2026-06-07T12:55:00Z
3
value 0.00948
scoring_system epss
scoring_elements 0.76737
published_at 2026-06-06T12:55:00Z
4
value 0.00948
scoring_system epss
scoring_elements 0.76731
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8476
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8476
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2015-8476.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2015-8476.yaml
5
reference_url https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0
6
reference_url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14
7
reference_url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-738m-f33v-qc2r
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-738m-f33v-qc2r
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8476
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8476
9
reference_url http://www.debian.org/security/2015/dsa-3416
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3416
10
reference_url http://www.openwall.com/lists/oss-security/2015/12/04/5
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/12/04/5
11
reference_url http://www.openwall.com/lists/oss-security/2015/12/05/1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/12/05/1
12
reference_url http://www.securityfocus.com/bid/78619
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/78619
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807265
reference_id 807265
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807265
14
reference_url http://www.cvedetails.com/cve/CVE-2015-8476/
reference_id CVE-2015-8476
reference_type
scores
url http://www.cvedetails.com/cve/CVE-2015-8476/
15
reference_url https://github.com/advisories/GHSA-738m-f33v-qc2r
reference_id GHSA-738m-f33v-qc2r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-738m-f33v-qc2r
fixed_packages
0
url pkg:deb/debian/libphp-phpmailer@5.1-1.1
purl pkg:deb/debian/libphp-phpmailer@5.1-1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a47-cc8v-xbdu
1
vulnerability VCID-1vfj-98ky-yffc
2
vulnerability VCID-3p76-2t3z-kycu
3
vulnerability VCID-c62f-8m1j-tkdu
4
vulnerability VCID-cve1-e7gf-gyax
5
vulnerability VCID-d2jv-nfmb-ckgx
6
vulnerability VCID-svc3-522y-9uce
7
vulnerability VCID-t8sg-ebwy-9yaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.1-1.1
1
url pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3
purl pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a47-cc8v-xbdu
1
vulnerability VCID-1vfj-98ky-yffc
2
vulnerability VCID-3p76-2t3z-kycu
3
vulnerability VCID-c62f-8m1j-tkdu
4
vulnerability VCID-d2jv-nfmb-ckgx
5
vulnerability VCID-svc3-522y-9uce
6
vulnerability VCID-t8sg-ebwy-9yaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.9%252Bdfsg-2%252Bdeb8u3
2
url pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1
purl pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vfj-98ky-yffc
1
vulnerability VCID-3p76-2t3z-kycu
2
vulnerability VCID-c62f-8m1j-tkdu
3
vulnerability VCID-d2jv-nfmb-ckgx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.14%252Bdfsg-2.3%252Bdeb9u1
aliases CVE-2015-8476, GHSA-738m-f33v-qc2r
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svc3-522y-9uce
8
url VCID-t8sg-ebwy-9yaz
vulnerability_id VCID-t8sg-ebwy-9yaz
summary multiple issues
references
0
reference_url http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
1
reference_url http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10033
reference_id
reference_type
scores
0
value 0.94418
scoring_system epss
scoring_elements 0.99982
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10033
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
4
reference_url https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
5
reference_url http://seclists.org/fulldisclosure/2016/Dec/78
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://seclists.org/fulldisclosure/2016/Dec/78
6
reference_url https://github.com/PHPMailer/PHPMailer
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer
7
reference_url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
8
reference_url https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
9
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10033
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10033
10
reference_url https://www.drupal.org/psa-2016-004
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.drupal.org/psa-2016-004
11
reference_url https://www.exploit-db.com/exploits/40968
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40968
12
reference_url https://www.exploit-db.com/exploits/40969
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40969
13
reference_url https://www.exploit-db.com/exploits/40970
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40970
14
reference_url https://www.exploit-db.com/exploits/40974
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40974
15
reference_url https://www.exploit-db.com/exploits/40986
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40986
16
reference_url https://www.exploit-db.com/exploits/41962
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/41962
17
reference_url https://www.exploit-db.com/exploits/41996
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/41996
18
reference_url https://www.exploit-db.com/exploits/42024
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/42024
19
reference_url https://www.exploit-db.com/exploits/42221
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/42221
20
reference_url http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
21
reference_url http://www.securitytracker.com/id/1037533
reference_id 1037533
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://www.securitytracker.com/id/1037533
22
reference_url https://www.exploit-db.com/exploits/40968/
reference_id 40968
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/40968/
23
reference_url https://www.exploit-db.com/exploits/40969/
reference_id 40969
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/40969/
24
reference_url https://www.exploit-db.com/exploits/40970/
reference_id 40970
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/40970/
25
reference_url https://www.exploit-db.com/exploits/40974/
reference_id 40974
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/40974/
26
reference_url https://www.exploit-db.com/exploits/40986/
reference_id 40986
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/40986/
27
reference_url https://www.exploit-db.com/exploits/41962/
reference_id 41962
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/41962/
28
reference_url https://www.exploit-db.com/exploits/41996/
reference_id 41996
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/41996/
29
reference_url https://www.exploit-db.com/exploits/42024/
reference_id 42024
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/42024/
30
reference_url https://www.exploit-db.com/exploits/42221/
reference_id 42221
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/42221/
31
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365
reference_id 849365
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365
32
reference_url http://www.securityfocus.com/bid/95108
reference_id 95108
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://www.securityfocus.com/bid/95108
33
reference_url https://security.archlinux.org/ASA-201701-22
reference_id ASA-201701-22
reference_type
scores
url https://security.archlinux.org/ASA-201701-22
34
reference_url https://security.archlinux.org/AVG-142
reference_id AVG-142
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-142
35
reference_url https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
reference_id CVE-2016-10033
reference_type exploit
scores
url https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
36
reference_url https://github.com/opsxcq/exploit-CVE-2016-10033/commit/1f6642cf116ecb6b6b96b5ec966915d5100adfe3
reference_id CVE-2016-10033
reference_type exploit
scores
url https://github.com/opsxcq/exploit-CVE-2016-10033/commit/1f6642cf116ecb6b6b96b5ec966915d5100adfe3
37
reference_url https://github.com/rapid7/metasploit-framework/blob/1f4ff30adb09c836dc9cb5f2c2024a244cebd08d/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
reference_id CVE-2016-10033
reference_type exploit
scores
url https://github.com/rapid7/metasploit-framework/blob/1f4ff30adb09c836dc9cb5f2c2024a244cebd08d/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
38
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41962.sh
reference_id CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41962.sh
39
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/42024.rb
reference_id CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/42024.rb
40
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40968.sh
reference_id CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40968.sh
41
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40970.php
reference_id CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40970.php
42
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40974.py
reference_id CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40974.py
43
reference_url https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
reference_id CVE-2016-10033
reference_type exploit
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10033
reference_id CVE-2016-10033
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10033
45
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml
reference_id CVE-2016-10033.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml
46
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40969.py
reference_id CVE-2016-10045;CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40969.py
47
reference_url https://exploitbox.io/vuln/Vanilla-Forums-Exploit-RCE-0day-Remote-Code-Exec-CVE-2016-10033.html
reference_id CVE-2016-10073;CVE-2016-10033
reference_type exploit
scores
url https://exploitbox.io/vuln/Vanilla-Forums-Exploit-RCE-0day-Remote-Code-Exec-CVE-2016-10033.html
48
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/41996.sh
reference_id CVE-2016-10073;CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/41996.sh
49
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40986.py
reference_id CVE-2016-10074;CVE-2016-10045;CVE-2016-10034;CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40986.py
50
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42221.py
reference_id CVE-2016-10074;CVE-2016-10045;CVE-2016-10034;CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42221.py
51
reference_url https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html
reference_id CVE-2016-10074;CVE-2016-10045;CVE-2016-10034;CVE-2016-10033
reference_type exploit
scores
url https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html
52
reference_url https://github.com/advisories/GHSA-5f37-gxvh-23v6
reference_id GHSA-5f37-gxvh-23v6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5f37-gxvh-23v6
53
reference_url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6
reference_id GHSA-5f37-gxvh-23v6
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6
54
reference_url http://www.securityfocus.com/archive/1/539963/100/0/threaded
reference_id threaded
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://www.securityfocus.com/archive/1/539963/100/0/threaded
55
reference_url https://usn.ubuntu.com/5956-1/
reference_id USN-5956-1
reference_type
scores
url https://usn.ubuntu.com/5956-1/
fixed_packages
0
url pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3
purl pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a47-cc8v-xbdu
1
vulnerability VCID-1vfj-98ky-yffc
2
vulnerability VCID-3p76-2t3z-kycu
3
vulnerability VCID-c62f-8m1j-tkdu
4
vulnerability VCID-d2jv-nfmb-ckgx
5
vulnerability VCID-svc3-522y-9uce
6
vulnerability VCID-t8sg-ebwy-9yaz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.9%252Bdfsg-2%252Bdeb8u3
1
url pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1
purl pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vfj-98ky-yffc
1
vulnerability VCID-3p76-2t3z-kycu
2
vulnerability VCID-c62f-8m1j-tkdu
3
vulnerability VCID-d2jv-nfmb-ckgx
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.14%252Bdfsg-2.3%252Bdeb9u1
aliases CVE-2016-10033, GHSA-5f37-gxvh-23v6
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8sg-ebwy-9yaz
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@1.73-2