Vulnerability details: VCID-6t22-awsw-fybd
Vulnerability ID VCID-6t22-awsw-fybd
Aliases CVE-2015-8476
GHSA-738m-f33v-qc2r
Summary SMTP Injection in PHPMailer

### Impact
Attackers could inject arbitrary SMTP commands by exploiting the fact that valid email addresses may contain line breaks, which are not handled correctly in some contexts.

### Patches
Fixed in 5.2.14 in [this commit](https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0).

### Workarounds
Manually strip line breaks from email addresses before passing them to PHPMailer.

### References
https://nvd.nist.gov/vuln/detail/CVE-2015-8476

### For more information
If you have any questions or comments about this advisory:
* Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual LOW http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html
generic_textual LOW http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html
epss 0.00948 https://api.first.org/data/v1/epss?cve=CVE-2015-8476
cvssv3.1_qr LOW https://github.com/advisories/GHSA-738m-f33v-qc2r
generic_textual LOW https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2015-8476.yaml
generic_textual LOW https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0
generic_textual LOW https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14
cvssv3.1_qr LOW https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-738m-f33v-qc2r
generic_textual LOW https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-738m-f33v-qc2r
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2015-8476
generic_textual LOW http://www.debian.org/security/2015/dsa-3416
generic_textual LOW http://www.openwall.com/lists/oss-security/2015/12/04/5
generic_textual LOW http://www.openwall.com/lists/oss-security/2015/12/05/1
generic_textual LOW http://www.securityfocus.com/bid/78619
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.7539
EPSS Score 0.00948
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:47:40.672977+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/03/GHSA-738m-f33v-qc2r/GHSA-738m-f33v-qc2r.json 37.0.0