Unpatched PHPMailer Vulnerability

UNKNOWN No Patch (2841 days)
email-libraryphpphpmailerremote-code-executionxss

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

PHPMailer is a popular open-source library used for sending emails in PHP applications. This vulnerability allows attackers to inject malicious code into email bodies, potentially leading to cross-site scripting (XSS) attacks or even remote code execution.

Am I affected?

You're affected if you use PHPMailer version 5.2.0 or earlier. Check with: grep -r "PHPMailer" .php in your project directory.

Affected Packages

pypi: phpmailer/phpmailer

Affected Products

PHPMailer Project / PHPMailer

How to fix

  1. Upgrade to PHPMailer version 5.2.3 or later from the official GitHub repository: https://github.com/PHPMailer/PHPMailer
  2. If you can't upgrade immediately, consider using a different email library like SwiftMailer or Mailgun.