Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer
Vulnerability Description
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
从非可信控制范围包含功能例程
Vulnerability Title
PHPMailer 安全漏洞
Vulnerability Description
PHPMailer是一个用于发送电子邮件的PHP类库。 PHPMailer 存在安全漏洞,允许远程攻击者在目标系统上执行任意 PHP 代码。以下产品及版本受到影响:PHPMailer:2.0.3,2.2.1,2.3.0,5.0.0,5.0.2,5.1.0,5.2,5,5.2.0,5.2.1,5.2.2,5.2.3,5.2.4,5.2.5,5.2.6,5.2.7,5.2.85.2.95.2.105.2.115.2.125.2.135.2.145.2.15,5.2.16,5.2.17,5.2.18,5.2.1
CVSS Information
N/A
Vulnerability Type
N/A