Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-n13m-y4ks-euep
Summary
Improper Control of Generation of Code ('Code Injection')
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
Aliases
0
alias CVE-2008-5619
1
alias GHSA-v5c9-mmw9-829q
Fixed_packages
0
url pkg:composer/phpmailer/phpmailer@5.2.10
purl pkg:composer/phpmailer/phpmailer@5.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-xrtk-1rmg-7uca
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.10
1
url pkg:deb/debian/roundcube@0.1.1-9?distro=trixie
purl pkg:deb/debian/roundcube@0.1.1-9?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@0.1.1-9%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
Affected_packages
0
url pkg:composer/phpmailer/phpmailer@5.2.2
purl pkg:composer/phpmailer/phpmailer@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.2
1
url pkg:composer/phpmailer/phpmailer@5.2.4
purl pkg:composer/phpmailer/phpmailer@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.4
2
url pkg:composer/phpmailer/phpmailer@5.2.5
purl pkg:composer/phpmailer/phpmailer@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.5
3
url pkg:composer/phpmailer/phpmailer@5.2.6
purl pkg:composer/phpmailer/phpmailer@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.6
4
url pkg:composer/phpmailer/phpmailer@5.2.7
purl pkg:composer/phpmailer/phpmailer@5.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.7
5
url pkg:composer/phpmailer/phpmailer@5.2.8
purl pkg:composer/phpmailer/phpmailer@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.8
6
url pkg:composer/phpmailer/phpmailer@5.2.9
purl pkg:composer/phpmailer/phpmailer@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.9
References
0
reference_url http://mahara.org/interaction/forum/topic.php?id=533
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://mahara.org/interaction/forum/topic.php?id=533
1
reference_url http://osvdb.org/53893
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://osvdb.org/53893
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5619.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5619.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-5619
reference_id
reference_type
scores
0
value 0.77692
scoring_system epss
scoring_elements 0.98995
published_at 2026-04-16T12:55:00Z
1
value 0.77692
scoring_system epss
scoring_elements 0.98994
published_at 2026-04-12T12:55:00Z
2
value 0.77692
scoring_system epss
scoring_elements 0.98993
published_at 2026-04-11T12:55:00Z
3
value 0.77692
scoring_system epss
scoring_elements 0.98991
published_at 2026-04-09T12:55:00Z
4
value 0.77692
scoring_system epss
scoring_elements 0.98992
published_at 2026-04-08T12:55:00Z
5
value 0.77692
scoring_system epss
scoring_elements 0.9899
published_at 2026-04-07T12:55:00Z
6
value 0.77692
scoring_system epss
scoring_elements 0.98988
published_at 2026-04-04T12:55:00Z
7
value 0.77692
scoring_system epss
scoring_elements 0.98986
published_at 2026-04-02T12:55:00Z
8
value 0.77692
scoring_system epss
scoring_elements 0.98997
published_at 2026-04-18T12:55:00Z
9
value 0.77692
scoring_system epss
scoring_elements 0.98984
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-5619
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619
5
reference_url http://secunia.com/advisories/33145
reference_id
reference_type
scores
url http://secunia.com/advisories/33145
6
reference_url http://secunia.com/advisories/33170
reference_id
reference_type
scores
url http://secunia.com/advisories/33170
7
reference_url http://secunia.com/advisories/34789
reference_id
reference_type
scores
url http://secunia.com/advisories/34789
8
reference_url https://github.com/PHPMailer/PHPMailer
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer
9
reference_url https://github.com/PHPMailer/PHPMailer/commit/8beacc646acb67c995aea10ac5585970efc7355a
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/commit/8beacc646acb67c995aea10ac5585970efc7355a
10
reference_url http://sourceforge.net/forum/forum.php?forum_id=898542
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://sourceforge.net/forum/forum.php?forum_id=898542
11
reference_url https://www.exploit-db.com/exploits/7549
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/7549
12
reference_url https://www.exploit-db.com/exploits/7553
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/7553
13
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html
14
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html
15
reference_url http://trac.roundcube.net/changeset/2148
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://trac.roundcube.net/changeset/2148
16
reference_url http://trac.roundcube.net/ticket/1485618
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://trac.roundcube.net/ticket/1485618
17
reference_url http://www.openwall.com/lists/oss-security/2008/12/12/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2008/12/12/1
18
reference_url http://www.securityfocus.com/archive/1/499489/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/499489/100/0/threaded
19
reference_url http://www.vupen.com/english/advisories/2008/3418
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/3418
20
reference_url http://www.vupen.com/english/advisories/2008/3419
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/3419
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=476223
reference_id 476223
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=476223
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508628
reference_id 508628
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508628
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:0.2.1:alpha:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:0.2.1:alpha:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:0.2.1:alpha:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:0.2.3:beta:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:0.2.3:beta:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:0.2.3:beta:*:*:*:*:*:*
25
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/7549.txt
reference_id CVE-2008-5619
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/7549.txt
26
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/7553.sh
reference_id CVE-2008-5619
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/7553.sh
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-5619
reference_id CVE-2008-5619
reference_type
scores
0
value 10.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:C/I:C/A:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2008-5619
28
reference_url https://github.com/advisories/GHSA-v5c9-mmw9-829q
reference_id GHSA-v5c9-mmw9-829q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v5c9-mmw9-829q
29
reference_url https://usn.ubuntu.com/791-1/
reference_id USN-791-1
reference_type
scores
url https://usn.ubuntu.com/791-1/
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Exploits
0
date_added 2008-12-21
description Roundcube Webmail 0.2b - Remote Code Execution
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2008-12-22
exploit_type webapps
platform php
source_date_updated 2011-04-27
data_source Exploit-DB
source_url
Severity_range_score7.0 - 10.0
Exploitability2.0
Weighted_severity9.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-n13m-y4ks-euep