Search for packages
| purl | pkg:deb/debian/libphp-phpmailer@1.73-2etch1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-429k-1vmw-kfgp
Aliases: CVE-2017-11503 GHSA-58mj-pw57-4vm2 |
Affected by 2 other vulnerabilities. |
|
|
VCID-6t22-awsw-fybd
Aliases: CVE-2015-8476 GHSA-738m-f33v-qc2r |
SMTP Injection in PHPMailer ### Impact Attackers could inject arbitrary SMTP commands via by exploiting the fact that valid email addresses may contain line breaks, which are not handled correctly in some contexts. ### Patches Fixed in 5.2.14 in [this commit](https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0). ### Workarounds Manually strip line breaks from email addresses before passing them to PHPMailer. ### References https://nvd.nist.gov/vuln/detail/CVE-2015-8476 ### For more information If you have any questions or comments about this advisory: * Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer) |
Affected by 8 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-6tyt-xhs3-1bbg
Aliases: CVE-2007-3215 GHSA-6h78-85v2-mmch |
PHPMailer Shell command injection PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in `class.phpmailer.php`. ### Impact Shell command injection, remotely exploitable if host application does not filter user data appropriately. ### Patches Fixed in 1.7.4 ### Workarounds Filter and validate user-supplied data before putting in the into the `Sender` property. ### References https://nvd.nist.gov/vuln/detail/CVE-2007-3215 ### For more information If you have any questions or comments about this advisory: * Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer) |
Affected by 8 other vulnerabilities. |
|
VCID-p3ee-1tqh-jycz
Aliases: CVE-2016-10033 GHSA-5f37-gxvh-23v6 |
Affected by 7 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
|
VCID-tgrc-1eek-q7e9
Aliases: CVE-2018-19296 GHSA-7w4p-72j7-v7c2 |
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-vc72-ptj1-kyh4
Aliases: CVE-2020-13625 GHSA-f7hx-fqxw-rvvj |
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. |
Affected by 1 other vulnerability. |
|
VCID-vqjk-32b7-zkgz
Aliases: CVE-2020-36326 GHSA-m298-fh5c-jc66 |
Object injection in PHPMailer/PHPMailer ### Impact This is a reintroduction of an earlier issue (CVE-2018-19296) by an unrelated bug fix in PHPMailer 6.1.8. An external file may be unexpectedly executable if it is used as a path to an attachment file via PHP's support for `.phar` files`. Exploitation requires that an attacker is able to provide an unfiltered path to a file to attach, or to trick calling code into generating one. See [this article](https://knasmueller.net/5-answers-about-php-phar-exploitation) for more info. ### Patches This issue was patched in the PHPMailer 6.4.1 release. This release also implements stricter filtering for attachment paths; paths that look like *any* kind of URL are rejected. ### Workarounds Validate paths to loaded files using the same pattern as used in [`isPermittedPath()`](https://github.com/PHPMailer/PHPMailer/blob/master/src/PHPMailer.php#L1815) before using them in *any* PHP file function, such as `file_exists`. This method can't be used directly because it is protected, but you can implement the same thing in calling code. Note that this should be applied to *all* user-supplied paths passed into such functions; it's not a problem specific to PHPMailer. ### Credit This issue was found by Fariskhi Vidyan, reported and managed via Tidelift. |
Affected by 1 other vulnerability. |
|
VCID-xhxb-gh4u-57gh
Aliases: CVE-2017-5223 GHSA-4x5h-cr29-fhp6 |
Affected by 4 other vulnerabilities. |
|
|
VCID-y43f-hy6z-gbdn
Aliases: DSA-3750-2 libphp-phpmailer |
regression update |
Affected by 7 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||