Low severity · NVD Advisory · Published Dec 16, 2015 · Updated Jun 17, 2026
CVE-2015-8476
Description
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpmailer/phpmailer (Packagist) | >= 5.0.0, < 5.2.14 | 5.2.14 |
References
- github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14 (NVD; Vendor Advisory; WEB)
- github.com/advisories/GHSA-738m-f33v-qc2r (GHSA; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-8476 (GHSA; ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html (NVD; WEB)
- lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html (NVD; WEB)
- www.debian.org/security/2015/dsa-3416 (NVD; WEB)
- www.openwall.com/lists/oss-security/2015/12/04/5 (NVD; WEB)
- www.openwall.com/lists/oss-security/2015/12/05/1 (NVD; WEB)
- www.securityfocus.com/bid/78619 (NVD; WEB)
- github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2015-8476.yaml (GHSA; WEB)
- github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 (NVD; WEB)
- github.com/PHPMailer/PHPMailer/security/advisories/GHSA-738m-f33v-qc2r (GHSA; WEB)