Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.1?distro=trixie
purl pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-cq4m-3q7u-cbg3 Remote code execution in PHPMailer ### Impact The `mailSend` function in the default `isMail` transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted `Sender` property. ### Patches Fixed in 5.2.18 ### Workarounds Filter and validate user input before passing it to internal functions. ### References https://nvd.nist.gov/vuln/detail/CVE-2016-10033 Related to a follow-on issue in https://nvd.nist.gov/vuln/detail/CVE-2016-10045 ### For more information If you have any questions or comments about this advisory: * Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer) CVE-2016-10033
GHSA-5f37-gxvh-23v6

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T10:34:37.382471+00:00 Debian Importer Fixing VCID-cq4m-3q7u-cbg3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T07:08:41.828409+00:00 Debian Importer Fixing VCID-cq4m-3q7u-cbg3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:29:13.564704+00:00 Debian Importer Fixing VCID-cq4m-3q7u-cbg3 https://security-tracker.debian.org/tracker/data/json 38.1.0