Showing 1 - 3 of 3

CVE-2017-5223

Status Candidate

Overview

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.

Related Files

Ubuntu Security Notice USN-5956-1: Posted Mar 16, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.; tags | advisory, arbitrary, shell, php, xss; systems | linux, ubuntu; advisories | CVE-2016-10033, CVE-2017-11503, CVE-2017-5223, CVE-2018-19296, CVE-2020-13625, CVE-2021-3603; SHA-256 | 222714e4ee696b2603d69df38c77117f2e5b2027b932d6a069bca47f30bd053c; Download | Favorite | View

Ubuntu Security Notice USN-5956-2: Posted Mar 16, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5956-2 - USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM.; tags | advisory, arbitrary, shell, vulnerability; systems | linux, ubuntu; advisories | CVE-2017-11503, CVE-2017-5223, CVE-2018-19296, CVE-2020-13625, CVE-2021-3603; SHA-256 | 80b3365b80c510d9ed0f8f67ed3b629ab7b2e844952fb217a7a549d591be9150; Download | Favorite | View

PHPMailer 5.2.21 Local File Disclosure: Posted Oct 26, 2017; Authored by Yongxiang Li, Maciej Krupa; PHPMailer versions 5.2.21 and below suffer from a file disclosure vulnerability.; tags | exploit; advisories | CVE-2017-5223; SHA-256 | eeaeefcdff3722b2ec1cf3d9459357dc5de426bb7f1c9fb2f39b503acf3a27d4; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 119 files
Ubuntu 103 files
Debian 15 files
Rafael Pedrero 11 files
Apple 9 files
Google Security Research 9 files
Abdulhakim Oner 8 files
nu11secur1ty 8 files
Hubert Wojciechowski 6 files
Ivan Fratric 5 files

File Archives

Systems

AIX (426)
Apple (1,960)
BSD (372)
CentOS (56)
Cisco (1,919)
Debian (6,715)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,288)
HPUX (878)
iOS (340)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,153)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,930)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,462)
UNIX (9,208)
UnixWare (185)
Windows (6,533)
Other

CVE-2017-5223

Overview

Related Files

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems