Package details: pkg:deb/debian/libphp-phpmailer@1.73-2etch1
purl pkg:deb/debian/libphp-phpmailer@1.73-2etch1
Next non-vulnerable version 6.6.3-1
Latest non-vulnerable version 6.6.3-1
Risk 10.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-1a47-cc8v-xbdu
Aliases:
CVE-2017-5223
GHSA-4x5h-cr29-fhp6
Local File Disclosure: PHPMailer's `msgHTML` method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to `/`, meaning that relative image URLs get treated as absolute local file paths and added as attachments.
5.2.14+dfsg-2.3+deb9u1
Affected by 4 other vulnerabilities.
VCID-1vfj-98ky-yffc
Aliases:
CVE-2017-11503
GHSA-58mj-pw57-4vm2
XSS vulnerability in code example: The `code_generator.phps` example does not filter user input prior to output. This file is distributed with a `.phps` extension, so it is not normally executable unless it is explicitly renamed, and is therefore safe by default. There's also an undisclosed potential XSS vulnerability in the default exception handler (unused by default).
6.0.6-0.1
Affected by 2 other vulnerabilities.
VCID-3p76-2t3z-kycu
Aliases:
CVE-2018-19296
GHSA-7w4p-72j7-v7c2
Object injection: PHPMailer is vulnerable to an object injection attack.
5.2.14+dfsg-2.3+deb9u1
Affected by 4 other vulnerabilities.
6.0.6-0.1
Affected by 2 other vulnerabilities.
VCID-c62f-8m1j-tkdu
Aliases:
CVE-2020-13625
GHSA-f7hx-fqxw-rvvj
Improper Encoding or Escaping of Output: PHPMailer contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
6.2.0-2
Affected by 1 other vulnerability.
VCID-cve1-e7gf-gyax
Aliases:
DSA-3750-2 libphp-phpmailer
regression update
5.2.9+dfsg-2+deb8u3
Affected by 7 other vulnerabilities.
VCID-d2jv-nfmb-ckgx
Aliases:
CVE-2020-36326
GHSA-m298-fh5c-jc66
Deserialization of Untrusted Data: PHPMailer allows object injection through `Phar` deserialization via the `addAttachment` with a UNC pathname.
6.2.0-2
Affected by 1 other vulnerability.
VCID-jgpk-6myg-mkds
Aliases:
CVE-2007-3215
GHSA-6h78-85v2-mmch
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
1.73-6
Affected by 8 other vulnerabilities.
VCID-svc3-522y-9uce
Aliases:
CVE-2015-8476
GHSA-738m-f33v-qc2r
Multiple CRLF injection vulnerabilities allow attackers to inject arbitrary SMTP commands via CRLF sequences in an email address to the `validateAddress` function in `class.phpmailer.php` or SMTP command to the `sendCommand` function in `class.smtp.php`.
5.1-1.1
Affected by 8 other vulnerabilities.
5.2.9+dfsg-2+deb8u3
Affected by 7 other vulnerabilities.
5.2.14+dfsg-2.3+deb9u1
Affected by 4 other vulnerabilities.
VCID-t8sg-ebwy-9yaz
Aliases:
CVE-2016-10033
GHSA-5f37-gxvh-23v6
multiple issues
5.2.9+dfsg-2+deb8u3
Affected by 7 other vulnerabilities.
5.2.14+dfsg-2.3+deb9u1
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T03:18:14.861287+00:00 Debian Oval Importer Affected by VCID-1a47-cc8v-xbdu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T03:00:25.445517+00:00 Debian Oval Importer Affected by VCID-1vfj-98ky-yffc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T02:07:12.744794+00:00 Debian Oval Importer Affected by VCID-c62f-8m1j-tkdu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T02:04:51.038480+00:00 Debian Oval Importer Affected by VCID-svc3-522y-9uce https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T01:31:32.154099+00:00 Debian Oval Importer Affected by VCID-jgpk-6myg-mkds https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T01:28:58.585931+00:00 Debian Oval Importer Affected by VCID-3p76-2t3z-kycu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T00:17:32.853020+00:00 Debian Oval Importer Affected by VCID-d2jv-nfmb-ckgx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-05T22:11:45.587967+00:00 Debian Oval Importer Affected by VCID-3p76-2t3z-kycu https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.6.0
2026-06-05T22:08:03.442277+00:00 Debian Oval Importer Affected by VCID-svc3-522y-9uce https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T21:24:36.310339+00:00 Debian Oval Importer Affected by VCID-cve1-e7gf-gyax https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-04T20:03:43.492402+00:00 Debian Oval Importer Affected by VCID-svc3-522y-9uce https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.6.0
2026-06-02T00:22:02.324621+00:00 Debian Oval Importer Affected by VCID-t8sg-ebwy-9yaz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-01T21:14:45.257048+00:00 Debian Oval Importer Affected by VCID-t8sg-ebwy-9yaz https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0