Описание
PHPMailer Local file inclusion
Impact
Arbitrary local file inclusion via the $lang property, remotely exploitable if host application passes unfiltered user data into that property. The 3 CVEs listed are applications that used PHPMailer that were vulnerable to this problem.
Patches
It's not known exactly when this was fixed in the host applications, but it was fixed in PHPMailer 5.2.0.
Workarounds
Filter and validate user-supplied data before use.
References
https://nvd.nist.gov/vuln/detail/CVE-2006-5734 https://nvd.nist.gov/vuln/detail/CVE-2007-3215 https://nvd.nist.gov/vuln/detail/CVE-2007-2021 Example exploit: https://www.exploit-db.com/exploits/14893
For more information
If you have any questions or comments about this advisory:
- Open a private issue in the PHPMailer project
Пакеты
phpmailer/phpmailer
< 5.2.0
5.2.0
EPSS
CVE ID
Связанные уязвимости
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
EPSS