VYPR
Vendor

Phpmailer Project

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2016-10033CriKEVDec 30, 2016
    risk 0.80cvss 9.8epss 1.00

    The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

  • CVE-2016-10045CriDec 30, 2016
    risk 0.68cvss 9.8epss 0.98

    The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail…

  • CVE-2017-11503MedJul 20, 2017
    risk 0.40cvss 6.1epss 0.02

    PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.

  • CVE-2017-5223MedJan 16, 2017
    risk 0.39cvss 5.5epss 0.02

    An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base…

  • CVE-2005-1807May 28, 2005
    risk 0.03cvss epss 0.04

    The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.

  • CVE-2021-3603Jun 17, 2021
    risk 0.00cvss epss 0.02

    PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by…

  • CVE-2015-8476Dec 16, 2015
    risk 0.00cvss epss 0.02

    Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in…

  • CVE-2008-5619Dec 17, 2008
    risk 0.00cvss epss 0.54

    html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the…

  • CVE-2007-3215Jun 14, 2007
    risk 0.00cvss epss 0.02

    PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.