CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-19296

HIGH
8.8
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile28.81th
Published2018年11月16日
Last Modified2024年11月21日

Vulnerability Description

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

Affected Platforms (CPE)

📦
Phpmailer Project

Phpmailer

< 5.2.27
📦
Phpmailer Project

Phpmailer

>= 6.0.0 and < 6.0.6
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
💻
Fedoraproject

Fedora

= 33
💻
Fedoraproject

Fedora

= 34
📦
Wordpress

Wordpress

>= 3.7 and <= 5.7

References & Advisories

🔗 https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27
🔗 https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6
🔗 https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/
🔗 https://www.debian.org/security/2018/dsa-4351
🔗 https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27
🔗 https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6

関連する脆弱性情報

CVE-2008-561910.0

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alp...

CVE-2016-100339.8

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to ...

CVE-2020-363269.8

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: th...

CVE-2016-100459.8

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and cons...