Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12NWM5LW1tdzktODI5cc4AAV0H
PHPMailer susceptible to arbitrary code execution
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
Permalink: https://github.com/advisories/GHSA-v5c9-mmw9-829q
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NWM5LW1tdzktODI5cc4AAV0H
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-v5c9-mmw9-829q, CVE-2008-5619
References:
- https://nvd.nist.gov/vuln/detail/CVE-2008-5619
- https://github.com/PHPMailer/PHPMailer/commit/8beacc646acb67c995aea10ac5585970efc7355a
- https://www.exploit-db.com/exploits/7549
- https://www.exploit-db.com/exploits/7553
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00783.html
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00802.html
- http://mahara.org/interaction/forum/topic.php?id=533
- http://osvdb.org/53893
- http://sourceforge.net/forum/forum.php?forum_id=898542
- http://trac.roundcube.net/changeset/2148
- http://trac.roundcube.net/ticket/1485618
- http://www.openwall.com/lists/oss-security/2008/12/12/1
- https://github.com/advisories/GHSA-v5c9-mmw9-829q
Blast Radius: 0.0
Affected Packages
packagist:phpmailer/phpmailer
Dependent packages: 1,199
Dependent repositories: 19,318
Downloads: 60,839,208 total
Affected Version Ranges: < 5.2.10
Fixed in: 5.2.10
All affected versions: 5.2.2, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9
All unaffected versions: 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.2.16, 5.2.17, 5.2.18, 5.2.19, 5.2.20, 5.2.21, 5.2.22, 5.2.23, 5.2.24, 5.2.25, 5.2.26, 5.2.27, 5.2.28, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.2.0, 6.3.0, 6.4.0, 6.4.1, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.7.1, 6.8.0, 6.8.1, 6.9.0, 6.9.1