High severityNVD Advisory· Published Dec 17, 2008· Updated Jun 16, 2026
CVE-2008-5619
CVE-2008-5619
Description
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmailer/phpmailerPackagist | < 5.2.10 | 5.2.10 |
Affected products
6- Range: <5.2.10
- Range: 0.2-1.alpha, 0.2-3.beta
Patches
Vulnerability mechanics
References
19- trac.roundcube.net/changeset/2148nvdExploitWEB
- trac.roundcube.net/ticket/1485618nvdExploitWEB
- secunia.com/advisories/33170nvdVendor Advisory
- sourceforge.net/forum/forum.phpnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-v5c9-mmw9-829qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2008-5619ghsaADVISORY
- mahara.org/interaction/forum/topic.phpnvdWEB
- osvdb.org/53893nvdWEB
- www.openwall.com/lists/oss-security/2008/12/12/1nvdWEB
- github.com/PHPMailer/PHPMailer/commit/8beacc646acb67c995aea10ac5585970efc7355anvdWEB
- www.exploit-db.com/exploits/7549nvdWEB
- www.exploit-db.com/exploits/7553nvdWEB
- www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.htmlnvdWEB
- www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.htmlnvdWEB
- secunia.com/advisories/33145nvd
- secunia.com/advisories/34789nvd
- www.securityfocus.com/archive/1/499489/100/0/threadednvd
- www.vupen.com/english/advisories/2008/3418nvd
- www.vupen.com/english/advisories/2008/3419nvd
News mentions
0No linked articles in our index yet.