Описание
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 5.2.14+dfsg-2.3+deb9u2build0.18.04.1 |
| devel | not-affected | 6.1.6-1 |
| eoan | ignored | end of life, was needed |
| esm-apps/bionic | released | 5.2.14+dfsg-2.3+deb9u2build0.18.04.1 |
| esm-apps/focal | released | 6.0.6-0.1ubuntu0.1~esm1 |
| esm-apps/jammy | not-affected | 6.1.6-1 |
| esm-apps/noble | not-affected | 6.1.6-1 |
| esm-apps/xenial | released | 5.2.14+dfsg-1ubuntu0.1~esm1 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
PHPMailer before 6.1.6 contains an output escaping bug when the name o ...
Insufficient output escaping of attachment names in PHPMailer
Уязвимость множества функций класса PHPMailer библиотеки PHPMailer, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
5 Medium
CVSS2
7.5 High
CVSS3