PHPMailer Project PHPMailer 6.3.0

CPE Details

2021-05-03 09h27 +00:00
2021-05-06 15h37 +00:00

CPE Name: cpe:2.3:a:phpmailer_project:phpmailer:6.3.0:*:*:*:*:*:*:*

Information

Vendor: phpmailer_project
Product: phpmailer
Version: 6.3.0

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2021-3603 | 2021-06-17 10h09 +00:00 | PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names. | 8.1 | High |
| CVE-2021-34551 | 2021-06-16 15h23 +00:00 | PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | 8.1 | High |
| CVE-2020-36326 | 2021-04-28 00h21 +00:00 | PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation. | 9.8 | Critical |