
CVE-2020-36326

CVSS Severity Score: 9.8 (CRITICAL)
EPSS Score: 0.1290%
EPSS Percentile: 14.84th
Published: Apr 28, 2021
Last Modified: Nov 21, 2024

Vulnerability Description

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.

Affected Platforms (CPE)

Phpmailer Project / Phpmailer: >= 6.1.8 and <= 6.4.0
Wordpress / Wordpress: >= 3.7 and < 3.7.36
Wordpress / Wordpress: >= 3.8 and < 3.8.36
Wordpress / Wordpress: >= 3.9 and < 3.9.34
Wordpress / Wordpress: >= 4.0 and < 4.0.33
Wordpress / Wordpress: >= 4.1 and < 4.1.33
Wordpress / Wordpress: >= 4.2 and < 4.2.30
Wordpress / Wordpress: >= 4.3 and < 4.3.26
Wordpress / Wordpress: >= 4.4 and < 4.4.25
Wordpress / Wordpress: >= 4.5 and < 4.5.24
Wordpress / Wordpress: >= 4.6 and < 4.6.21
Wordpress / Wordpress: >= 4.7 and < 4.7.21
Wordpress / Wordpress: >= 4.8 and < 4.8.17
Wordpress / Wordpress: >= 4.9 and < 4.9.18
Wordpress / Wordpress: >= 5.0 and < 5.0.13
Wordpress / Wordpress: >= 5.1 and < 5.1.10
Wordpress / Wordpress: >= 5.2 and < 5.2.11
Wordpress / Wordpress: >= 5.3 and < 5.3.8
Wordpress / Wordpress: >= 5.4 and < 5.4.6
Wordpress / Wordpress: >= 5.5 and < 5.5.5
Wordpress / Wordpress: >= 5.6 and < 5.6.4
Wordpress / Wordpress: >= 5.7 and < 5.7.2
