Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.
References
Configurations
History
21 Nov 2024, 02:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html - | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html - | |
References | () http://www.debian.org/security/2015/dsa-3416 - | |
References | () http://www.openwall.com/lists/oss-security/2015/12/04/5 - | |
References | () http://www.openwall.com/lists/oss-security/2015/12/05/1 - | |
References | () http://www.securityfocus.com/bid/78619 - | |
References | () https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 - | |
References | () https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14 - Vendor Advisory |
Information
Published : 2015-12-16 21:59
Updated : 2024-11-21 02:38
NVD link : CVE-2015-8476
Mitre link : CVE-2015-8476
CVE.ORG link : CVE-2015-8476
JSON object : View
Products Affected
debian
- debian_linux
phpmailer_project
- phpmailer
CWE
CWE-20
Improper Input Validation