cvelistv5 - CVE-2020-36326

CVE-2020-36326 (GCVE-0-2020-36326)

Vulnerability from cvelistv5 – Published: 2021-04-28 02:21 – Updated: 2024-08-04 17:23

Summary

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/PHPMailer/PHPMailer/commit/e2e…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:10.518Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9"
          },
          {
            "name": "FEDORA-2021-b21bbfa198",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/"
          },
          {
            "name": "FEDORA-2021-ecf4fed550",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-12T17:06:28",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9"
        },
        {
          "name": "FEDORA-2021-b21bbfa198",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/"
        },
        {
          "name": "FEDORA-2021-ecf4fed550",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9",
              "refsource": "MISC",
              "url": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9"
            },
            {
              "name": "FEDORA-2021-b21bbfa198",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/"
            },
            {
              "name": "FEDORA-2021-ecf4fed550",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36326",
    "datePublished": "2021-04-28T02:21:53",
    "dateReserved": "2021-04-28T00:00:00",
    "dateUpdated": "2024-08-04T17:23:10.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.8\", \"versionEndIncluding\": \"6.4.0\", \"matchCriteriaId\": \"5E408867-E88B-4359-A288-4EFB791D0078\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.7\", \"versionEndExcluding\": \"3.7.36\", \"matchCriteriaId\": \"D7107F37-08EA-4338-8C02-72AF08A65160\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.8\", \"versionEndExcluding\": \"3.8.36\", \"matchCriteriaId\": \"6AC1DE0D-A45C-481F-BB86-90B0EE362DF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.9\", \"versionEndExcluding\": \"3.9.34\", \"matchCriteriaId\": \"D868EAD0-A15B-4DA6-8083-DF59B0F76F3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndExcluding\": \"4.0.33\", \"matchCriteriaId\": \"16565DA9-2069-4E4C-93B6-1A770D4FAFF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1\", \"versionEndExcluding\": \"4.1.33\", \"matchCriteriaId\": \"838ACC2C-7BFB-4F33-9C09-3169C71E058F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.2\", \"versionEndExcluding\": \"4.2.30\", \"matchCriteriaId\": \"9491276F-8D9B-451A-B127-7633C958B269\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3\", \"versionEndExcluding\": \"4.3.26\", \"matchCriteriaId\": \"3A9E7881-CF97-47B9-A2D9-9C3FE15CC539\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.4\", \"versionEndExcluding\": \"4.4.25\", \"matchCriteriaId\": \"786BB974-B009-479F-9729-D03C0A8BA7BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.5\", \"versionEndExcluding\": \"4.5.24\", \"matchCriteriaId\": \"2BF5B2B8-242D-4370-8CB7-30B063A39CC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.6\", \"versionEndExcluding\": \"4.6.21\", \"matchCriteriaId\": \"75662A23-D9BB-4986-A2C1-4CD0D5D8C4CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.7\", \"versionEndExcluding\": \"4.7.21\", \"matchCriteriaId\": \"484017D5-2002-4701-91D2-13CB63BD5D2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.8\", \"versionEndExcluding\": \"4.8.17\", \"matchCriteriaId\": \"FB2A8F54-BA4C-433F-A50B-EFB430810D94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.9\", \"versionEndExcluding\": \"4.9.18\", \"matchCriteriaId\": \"CABB1071-DA21-4334-B1EC-64A1F144F563\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0\", \"versionEndExcluding\": \"5.0.13\", \"matchCriteriaId\": \"3409E74E-8229-47D3-BC4D-F9B59EEC26CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.1\", \"versionEndExcluding\": \"5.1.10\", \"matchCriteriaId\": \"B41B2EA6-0370-4DE9-B756-21DE60DADE59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.2\", \"versionEndExcluding\": \"5.2.11\", \"matchCriteriaId\": \"927FCECA-558B-4BFF-8FEF-D9DAA0E99567\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.3\", \"versionEndExcluding\": \"5.3.8\", \"matchCriteriaId\": \"15E187EB-396C-4BEA-AD0C-B2042A2BCEC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.4\", \"versionEndExcluding\": \"5.4.6\", \"matchCriteriaId\": \"C7B4B6D8-7B29-4ABF-B028-5F31AFF908FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.5.5\", \"matchCriteriaId\": \"F76762A1-14B1-410A-B2DF-1EFCEFA7FD8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.6\", \"versionEndExcluding\": \"5.6.4\", \"matchCriteriaId\": \"B8327B3F-394E-4EE4-B197-1325181C2654\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.7\", \"versionEndExcluding\": \"5.7.2\", \"matchCriteriaId\": \"2988ED95-7821-4396-9D51-D80054FE57F5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.\"}, {\"lang\": \"es\", \"value\": \"PHPMailer versi\\u00f3n 6.1.8 hasta la versi\\u00f3n 6.4.0 permite la inyecci\\u00f3n de objetos a trav\\u00e9s de Phar Deserialization v\\u00eda addAttachment con un nombre de ruta UNC. NOTA: esto es similar a CVE-2018-19296, pero surgi\\u00f3 porque la versi\\u00f3n 6.1.8 corrigi\\u00f3 un problema de funcionalidad en el que los nombres de ruta UNC siempre se consideraban ilegibles por PHPMailer, incluso en contextos seguros. Como efecto secundario no intencionado, esta correcci\\u00f3n elimin\\u00f3 el c\\u00f3digo que bloqueaba la explotaci\\u00f3n de addAttachment\"}]",
      "id": "CVE-2020-36326",
      "lastModified": "2024-11-21T05:29:17.330",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-04-28T03:15:07.400",
      "references": "[{\"url\": \"https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-36326\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-04-28T03:15:07.400\",\"lastModified\":\"2024-11-21T05:29:17.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.\"},{\"lang\":\"es\",\"value\":\"PHPMailer versi\u00f3n 6.1.8 hasta la versi\u00f3n 6.4.0 permite la inyecci\u00f3n de objetos a trav\u00e9s de Phar Deserialization v\u00eda addAttachment con un nombre de ruta UNC. NOTA: esto es similar a CVE-2018-19296, pero surgi\u00f3 porque la versi\u00f3n 6.1.8 corrigi\u00f3 un problema de funcionalidad en el que los nombres de ruta UNC siempre se consideraban ilegibles por PHPMailer, incluso en contextos seguros. Como efecto secundario no intencionado, esta correcci\u00f3n elimin\u00f3 el c\u00f3digo que bloqueaba la explotaci\u00f3n de addAttachment\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.8\",\"versionEndIncluding\":\"6.4.0\",\"matchCriteriaId\":\"5E408867-E88B-4359-A288-4EFB791D0078\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.7\",\"versionEndExcluding\":\"3.7.36\",\"matchCriteriaId\":\"D7107F37-08EA-4338-8C02-72AF08A65160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.8\",\"versionEndExcluding\":\"3.8.36\",\"matchCriteriaId\":\"6AC1DE0D-A45C-481F-BB86-90B0EE362DF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.9\",\"versionEndExcluding\":\"3.9.34\",\"matchCriteriaId\":\"D868EAD0-A15B-4DA6-8083-DF59B0F76F3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.0.33\",\"matchCriteriaId\":\"16565DA9-2069-4E4C-93B6-1A770D4FAFF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1\",\"versionEndExcluding\":\"4.1.33\",\"matchCriteriaId\":\"838ACC2C-7BFB-4F33-9C09-3169C71E058F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2\",\"versionEndExcluding\":\"4.2.30\",\"matchCriteriaId\":\"9491276F-8D9B-451A-B127-7633C958B269\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3\",\"versionEndExcluding\":\"4.3.26\",\"matchCriteriaId\":\"3A9E7881-CF97-47B9-A2D9-9C3FE15CC539\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4\",\"versionEndExcluding\":\"4.4.25\",\"matchCriteriaId\":\"786BB974-B009-479F-9729-D03C0A8BA7BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.5.24\",\"matchCriteriaId\":\"2BF5B2B8-242D-4370-8CB7-30B063A39CC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.6\",\"versionEndExcluding\":\"4.6.21\",\"matchCriteriaId\":\"75662A23-D9BB-4986-A2C1-4CD0D5D8C4CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.7\",\"versionEndExcluding\":\"4.7.21\",\"matchCriteriaId\":\"484017D5-2002-4701-91D2-13CB63BD5D2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.8\",\"versionEndExcluding\":\"4.8.17\",\"matchCriteriaId\":\"FB2A8F54-BA4C-433F-A50B-EFB430810D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.9\",\"versionEndExcluding\":\"4.9.18\",\"matchCriteriaId\":\"CABB1071-DA21-4334-B1EC-64A1F144F563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndExcluding\":\"5.0.13\",\"matchCriteriaId\":\"3409E74E-8229-47D3-BC4D-F9B59EEC26CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1\",\"versionEndExcluding\":\"5.1.10\",\"matchCriteriaId\":\"B41B2EA6-0370-4DE9-B756-21DE60DADE59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndExcluding\":\"5.2.11\",\"matchCriteriaId\":\"927FCECA-558B-4BFF-8FEF-D9DAA0E99567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3\",\"versionEndExcluding\":\"5.3.8\",\"matchCriteriaId\":\"15E187EB-396C-4BEA-AD0C-B2042A2BCEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4\",\"versionEndExcluding\":\"5.4.6\",\"matchCriteriaId\":\"C7B4B6D8-7B29-4ABF-B028-5F31AFF908FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.5.5\",\"matchCriteriaId\":\"F76762A1-14B1-410A-B2DF-1EFCEFA7FD8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6\",\"versionEndExcluding\":\"5.6.4\",\"matchCriteriaId\":\"B8327B3F-394E-4EE4-B197-1325181C2654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.7\",\"versionEndExcluding\":\"5.7.2\",\"matchCriteriaId\":\"2988ED95-7821-4396-9D51-D80054FE57F5\"}]}]}],\"references\":[{\"url\":\"https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2020-36326

Vulnerability from fkie_nvd - Published: 2021-04-28 03:15 - Updated: 2024-11-21 05:29

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9	Patch, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/
af854a3a-2127-422b-91ae-364da2661108	https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/

Impacted products

Vendor	Product	Version
phpmailer_project	phpmailer	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E408867-E88B-4359-A288-4EFB791D0078",
              "versionEndIncluding": "6.4.0",
              "versionStartIncluding": "6.1.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7107F37-08EA-4338-8C02-72AF08A65160",
              "versionEndExcluding": "3.7.36",
              "versionStartIncluding": "3.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC1DE0D-A45C-481F-BB86-90B0EE362DF2",
              "versionEndExcluding": "3.8.36",
              "versionStartIncluding": "3.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D868EAD0-A15B-4DA6-8083-DF59B0F76F3D",
              "versionEndExcluding": "3.9.34",
              "versionStartIncluding": "3.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16565DA9-2069-4E4C-93B6-1A770D4FAFF0",
              "versionEndExcluding": "4.0.33",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "838ACC2C-7BFB-4F33-9C09-3169C71E058F",
              "versionEndExcluding": "4.1.33",
              "versionStartIncluding": "4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9491276F-8D9B-451A-B127-7633C958B269",
              "versionEndExcluding": "4.2.30",
              "versionStartIncluding": "4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A9E7881-CF97-47B9-A2D9-9C3FE15CC539",
              "versionEndExcluding": "4.3.26",
              "versionStartIncluding": "4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "786BB974-B009-479F-9729-D03C0A8BA7BD",
              "versionEndExcluding": "4.4.25",
              "versionStartIncluding": "4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BF5B2B8-242D-4370-8CB7-30B063A39CC2",
              "versionEndExcluding": "4.5.24",
              "versionStartIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75662A23-D9BB-4986-A2C1-4CD0D5D8C4CD",
              "versionEndExcluding": "4.6.21",
              "versionStartIncluding": "4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "484017D5-2002-4701-91D2-13CB63BD5D2B",
              "versionEndExcluding": "4.7.21",
              "versionStartIncluding": "4.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2A8F54-BA4C-433F-A50B-EFB430810D94",
              "versionEndExcluding": "4.8.17",
              "versionStartIncluding": "4.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CABB1071-DA21-4334-B1EC-64A1F144F563",
              "versionEndExcluding": "4.9.18",
              "versionStartIncluding": "4.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3409E74E-8229-47D3-BC4D-F9B59EEC26CB",
              "versionEndExcluding": "5.0.13",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41B2EA6-0370-4DE9-B756-21DE60DADE59",
              "versionEndExcluding": "5.1.10",
              "versionStartIncluding": "5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "927FCECA-558B-4BFF-8FEF-D9DAA0E99567",
              "versionEndExcluding": "5.2.11",
              "versionStartIncluding": "5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E187EB-396C-4BEA-AD0C-B2042A2BCEC8",
              "versionEndExcluding": "5.3.8",
              "versionStartIncluding": "5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7B4B6D8-7B29-4ABF-B028-5F31AFF908FF",
              "versionEndExcluding": "5.4.6",
              "versionStartIncluding": "5.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F76762A1-14B1-410A-B2DF-1EFCEFA7FD8A",
              "versionEndExcluding": "5.5.5",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8327B3F-394E-4EE4-B197-1325181C2654",
              "versionEndExcluding": "5.6.4",
              "versionStartIncluding": "5.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2988ED95-7821-4396-9D51-D80054FE57F5",
              "versionEndExcluding": "5.7.2",
              "versionStartIncluding": "5.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation."
    },
    {
      "lang": "es",
      "value": "PHPMailer versi\u00f3n 6.1.8 hasta la versi\u00f3n 6.4.0 permite la inyecci\u00f3n de objetos a trav\u00e9s de Phar Deserialization v\u00eda addAttachment con un nombre de ruta UNC. NOTA: esto es similar a CVE-2018-19296, pero surgi\u00f3 porque la versi\u00f3n 6.1.8 corrigi\u00f3 un problema de funcionalidad en el que los nombres de ruta UNC siempre se consideraban ilegibles por PHPMailer, incluso en contextos seguros. Como efecto secundario no intencionado, esta correcci\u00f3n elimin\u00f3 el c\u00f3digo que bloqueaba la explotaci\u00f3n de addAttachment"
    }
  ],
  "id": "CVE-2020-36326",
  "lastModified": "2024-11-21T05:29:17.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-28T03:15:07.400",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-M298-FH5C-JC66

Vulnerability from github – Published: 2021-05-04 17:42 – Updated: 2021-05-10 19:27

Summary

Object injection in PHPMailer/PHPMailer

Details

Impact

This is a reintroduction of an earlier issue (CVE-2018-19296) by an unrelated bug fix in PHPMailer 6.1.8. An external file may be unexpectedly executable if it is used as a path to an attachment file via PHP's support for .phar files`. Exploitation requires that an attacker is able to provide an unfiltered path to a file to attach, or to trick calling code into generating one. See this article for more info.

Patches

This issue was patched in the PHPMailer 6.4.1 release. This release also implements stricter filtering for attachment paths; paths that look like any kind of URL are rejected.

Workarounds

Validate paths to loaded files using the same pattern as used in isPermittedPath() before using them in any PHP file function, such as file_exists. This method can't be used directly because it is protected, but you can implement the same thing in calling code. Note that this should be applied to all user-supplied paths passed into such functions; it's not a problem specific to PHPMailer.

Credit

This issue was found by Fariskhi Vidyan, reported and managed via Tidelift.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpmailer/phpmailer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.1.8"
            },
            {
              "fixed": "6.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-36326"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502",
      "CWE-641"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-30T19:41:24Z",
    "nvd_published_at": "2021-04-28T03:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nThis is a reintroduction of an earlier issue (CVE-2018-19296) by an unrelated bug fix in PHPMailer 6.1.8.  An external file may be unexpectedly executable if it is used as a path to an attachment file via PHP\u0027s support for `.phar` files`. Exploitation requires that an attacker is able to provide an unfiltered path to a file to attach, or to trick calling code into generating one. See [this article](https://knasmueller.net/5-answers-about-php-phar-exploitation) for more info.\n\n### Patches\nThis issue was patched in the PHPMailer 6.4.1 release. This release also implements stricter filtering for attachment paths; paths that look like *any* kind of URL are rejected.\n\n### Workarounds\nValidate paths to loaded files using the same pattern as used in [`isPermittedPath()`](https://github.com/PHPMailer/PHPMailer/blob/master/src/PHPMailer.php#L1815) before using them in *any* PHP file function, such as `file_exists`. This method can\u0027t be used directly because it is protected, but you can implement the same thing in calling code. Note that this should be applied to *all* user-supplied paths passed into such functions; it\u0027s not a problem specific to PHPMailer.\n\n### Credit\nThis issue was found by Fariskhi Vidyan, reported and managed via Tidelift.",
  "id": "GHSA-m298-fh5c-jc66",
  "modified": "2021-05-10T19:27:44Z",
  "published": "2021-05-04T17:42:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-m298-fh5c-jc66"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36326"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2020-36326.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.4.1"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Object injection in PHPMailer/PHPMailer"
}

CERTFR-2021-AVI-378

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans WordPress. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	WordPress	WordPress	WordPress versions antérieures à 5.7.2

References

Title

Publication Time

Tags

Bulletin de sécurité WordPress du 13 mai 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WordPress versions ant\u00e9rieures \u00e0 5.7.2",
      "product": {
        "name": "WordPress",
        "vendor": {
          "name": "WordPress",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-36326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36326"
    },
    {
      "name": "CVE-2018-19296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19296"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-378",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans WordPress. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans WordPress",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 WordPress du 13 mai 2021",
      "url": "https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/"
    }
  ]
}

CERTFR-2021-AVI-378

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans WordPress. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	WordPress	WordPress	WordPress versions antérieures à 5.7.2

References

Title

Publication Time

Tags

Bulletin de sécurité WordPress du 13 mai 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WordPress versions ant\u00e9rieures \u00e0 5.7.2",
      "product": {
        "name": "WordPress",
        "vendor": {
          "name": "WordPress",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-36326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36326"
    },
    {
      "name": "CVE-2018-19296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19296"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-378",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans WordPress. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans WordPress",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 WordPress du 13 mai 2021",
      "url": "https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/"
    }
  ]
}

GSD-2020-36326

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-36326

Aliases

CVE-2020-36326

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-36326",
    "description": "PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.",
    "id": "GSD-2020-36326"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-36326"
      ],
      "details": "PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.",
      "id": "GSD-2020-36326",
      "modified": "2023-12-13T01:21:55.576865Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-36326",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9",
            "refsource": "MISC",
            "url": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9"
          },
          {
            "name": "FEDORA-2021-b21bbfa198",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/"
          },
          {
            "name": "FEDORA-2021-ecf4fed550",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=6.1.8,\u003c=6.4.0",
          "affected_versions": "All versions starting from 6.1.8 up to 6.4.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2021-06-14",
          "description": "PHPMailer allows object injection through `Phar` deserialization via the `addAttachment` with a UNC pathname.",
          "fixed_versions": [
            "6.4.1"
          ],
          "identifier": "CVE-2020-36326",
          "identifiers": [
            "CVE-2020-36326"
          ],
          "not_impacted": "All versions before 6.1.8, all versions after 6.4.0",
          "package_slug": "packagist/phpmailer/phpmailer",
          "pubdate": "2021-04-28",
          "solution": "Upgrade to version 6.4.1 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-36326"
          ],
          "uuid": "7a51856f-78a6-47c1-a48a-000351008699"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.0",
                "versionStartIncluding": "6.1.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.7.36",
                "versionStartIncluding": "3.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.8.36",
                "versionStartIncluding": "3.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.9.34",
                "versionStartIncluding": "3.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.33",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.33",
                "versionStartIncluding": "4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.30",
                "versionStartIncluding": "4.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.26",
                "versionStartIncluding": "4.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.25",
                "versionStartIncluding": "4.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.5.24",
                "versionStartIncluding": "4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6.21",
                "versionStartIncluding": "4.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.7.21",
                "versionStartIncluding": "4.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.17",
                "versionStartIncluding": "4.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.9.18",
                "versionStartIncluding": "4.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.13",
                "versionStartIncluding": "5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.10",
                "versionStartIncluding": "5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.2.11",
                "versionStartIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.8",
                "versionStartIncluding": "5.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.6",
                "versionStartIncluding": "5.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.5",
                "versionStartIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.4",
                "versionStartIncluding": "5.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.2",
                "versionStartIncluding": "5.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36326"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9"
            },
            {
              "name": "FEDORA-2021-b21bbfa198",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/"
            },
            {
              "name": "FEDORA-2021-ecf4fed550",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-06-14T15:17Z",
      "publishedDate": "2021-04-28T03:15Z"
    }
  }
}

CNVD-2021-73651

Vulnerability from cnvd - Published: 2021-09-26

Title

PHPMailer代码问题漏洞

Description

PHPMailer是一个用于发送电子邮件的PHP类库。 PHPMailer存在代码问题漏洞，该漏洞允许通过具有UNC路径名的addAttachment通过Phar反序列化进行对象注入。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

PHPMailer代码问题漏洞的补丁

Patch Description

PHPMailer是一个用于发送电子邮件的PHP类库。 PHPMailer存在代码问题漏洞，该漏洞允许通过具有UNC路径名的addAttachment通过Phar反序列化进行对象注入。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9

Reference

https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9

Impacted products

Name
PHPMailer PHPMailer >=6.1.8，<=6.4.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-36326",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-36326"
    }
  },
  "description": "PHPMailer\u662f\u4e00\u4e2a\u7528\u4e8e\u53d1\u9001\u7535\u5b50\u90ae\u4ef6\u7684PHP\u7c7b\u5e93\u3002\n\nPHPMailer\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u901a\u8fc7\u5177\u6709UNC\u8def\u5f84\u540d\u7684addAttachment\u901a\u8fc7Phar\u53cd\u5e8f\u5217\u5316\u8fdb\u884c\u5bf9\u8c61\u6ce8\u5165\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-73651",
  "openTime": "2021-09-26",
  "patchDescription": "PHPMailer\u662f\u4e00\u4e2a\u7528\u4e8e\u53d1\u9001\u7535\u5b50\u90ae\u4ef6\u7684PHP\u7c7b\u5e93\u3002\r\n\r\nPHPMailer\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u901a\u8fc7\u5177\u6709UNC\u8def\u5f84\u540d\u7684addAttachment\u901a\u8fc7Phar\u53cd\u5e8f\u5217\u5316\u8fdb\u884c\u5bf9\u8c61\u6ce8\u5165\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PHPMailer\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "PHPMailer PHPMailer \u003e=6.1.8\uff0c\u003c=6.4.0"
  },
  "referenceLink": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9",
  "serverity": "\u9ad8",
  "submitTime": "2021-06-04",
  "title": "PHPMailer\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-36326 (GCVE-0-2020-36326)

FKIE_CVE-2020-36326

GHSA-M298-FH5C-JC66

Impact

Patches

Workarounds

Credit

CERTFR-2021-AVI-378

Solution

CERTFR-2021-AVI-378

Solution

GSD-2020-36326

CNVD-2021-73651

Tags

Sightings

Nomenclature