Recommend this page to a friend! |
Classes of akeel | F3A | vendor/phpmailer/phpmailer/SECURITY.md | Download |
|
DownloadSecurity notices relating to PHPMailerPlease disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately. PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing PHPMailer versions prior to 5.2.24 (released July 26th 2017) have an XSS vulnerability in one of the code examples, CVE-2017-11503. The PHPMailer versions prior to 5.2.22 (released January 9th 2017) have a local file disclosure vulnerability, CVE-2017-5223. If content passed into PHPMailer versions prior to 5.2.20 (released December 28th 2016) are vulnerable to CVE-2016-10045 a remote code execution vulnerability, responsibly reported by Dawid Golunski, and patched by Paul Buonopane (@Zenexer). PHPMailer versions prior to 5.2.18 (released December 2016) are vulnerable to CVE-2016-10033 a remote code execution vulnerability, responsibly reported by Dawid Golunski. PHPMailer versions prior to 5.2.14 (released November 2015) are vulnerable to CVE-2015-8476 an SMTP CRLF injection bug permitting arbitrary message sending. PHPMailer versions prior to 5.2.10 (released May 2015) are vulnerable to CVE-2008-5619, a remote code execution vulnerability in the bundled html2text library. This file was removed in 5.2.10, so if you are using a version prior to that and make use of the html2text function, it's vitally important that you upgrade and remove this file. PHPMailer versions prior to 2.0.7 and 2.2.1 are vulnerable to CVE-2012-0796, an email header injection attack. Joomla 1.6.0 uses PHPMailer in an unsafe way, allowing it to reveal local file paths, reported in CVE-2011-3747. PHPMailer didn't sanitise the PHPMailer 1.7.2 and earlier contained a possible DDoS vulnerability reported in CVE-2005-1807. PHPMailer 1.7 and earlier (June 2003) have a possible vulnerability in the |