High severity · NVD Advisory · Published Jun 16, 2021 · Updated Aug 4, 2024
CVE-2021-34551
Description
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpmailer/phpmailer (Packagist) | < 6.5.0 | 6.5.0 |
Affected products (3)
- PHPMailer/PHPMailer (description)
- osv-coords, 2 versions: < 6.5.0 + 1 more
- (no CPE), range: < 6.5.0
- (no CPE), range: < 6.5.0
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (11)
- github.com/advisories/GHSA-7q44-r25x-wm4q (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM/ (mitre, vendor-advisory, x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2021-34551 (ghsa, ADVISORY)
- github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2021-34551.yaml (ghsa, WEB)
- github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md (ghsa, x_refsource_CONFIRM, WEB)
- github.com/PHPMailer/PHPMailer/commit/acd264bf17ff4ac5c915f0d4226dce8a9ea70bc3 (ghsa, WEB)
- github.com/PHPMailer/PHPMailer/releases/tag/v6.5.0 (ghsa, WEB)
- github.com/PHPMailer/PHPMailer/security/advisories/GHSA-7q44-r25x-wm4q (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM (ghsa, WEB)