Unpatched PHPMailer Vulnerability

UNKNOWN No Patch (2889 days)

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

PHPMailer is a widely used open-source library for sending email from PHP applications. According to this advisory, affected versions let an attacker who controls input to the mailer inject content into outgoing email bodies, which the advisory reports can lead to remote code execution and exposure of sensitive data. No identifier or technical write-up is linked, so treat the impact statement as the advisory's claim rather than a confirmed exploit chain.

Am I affected?

You're affected if you use PHPMailer version 5.2.0 or earlier. The 5.2.x series declares its version in class.phpmailer.php as a $Version property, so check every copy on the host with: grep -rn "\$Version" --include=class.phpmailer.php . (Composer installs can also be checked with: composer show phpmailer/phpmailer)

Note: PHPMailer is bundled or depended on by many PHP applications (content management systems such as WordPress, forums, contact-form plugins), so you may be running it without ever having installed it directly. Not recognizing the name does not mean you are unaffected: search vendor directories and application bundles, not just your own code.
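The grep above only tells you where a copy lives; the script below, added here as an example and not part of the advisory or of PHPMailer itself, walks a tree, pulls the version string out of each copy and compares it against the 5.2.3 fix version. It assumes the two version-declaration layouts the library has used (public $Version = '5.2.x'; in class.phpmailer.php, const VERSION = '6.x.x'; in src/PHPMailer.php); the sample tree it builds under a temporary directory is constructed for the demo and contains no real PHPMailer code.

```shell
#!/bin/sh
# Added example: scan a directory tree for PHPMailer copies and flag any
# older than the fix version named in the advisory. Not advisory or project code.

FIXED_VERSION="5.2.3"

# Extract the version string from one PHPMailer source file.
# Assumed declaration forms: `public $Version = '5.2.0';` (5.2.x, class.phpmailer.php)
# and `const VERSION = '6.9.1';` (6.x, src/PHPMailer.php). Prints nothing if absent.
phpmailer_version() {
  sed -n -E "s/.*(\\\$Version|VERSION)[[:space:]]*=[[:space:]]*'([0-9][0-9.]*)'.*/\\2/p" "$1" | head -n 1
}

# version_lt A B: exit 0 if dotted version A is strictly lower than B.
# Missing components count as 0, so "5.2" < "5.2.3". Pure awk, no `sort -V` needed.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".");
    k = (n > m) ? n : m;
    for (i = 1; i <= k; i++) {
      ai = (i <= n) ? x[i] + 0 : 0; bi = (i <= m) ? y[i] + 0 : 0;
      if (ai < bi) exit 0;
      if (ai > bi) exit 1;
    }
    exit 1
  }'
}

# check_phpmailer DIR: print "<path> <version> VULNERABLE|ok" for every copy found.
# Looks for both file layouts so vendored 6.x copies are reported as well.
check_phpmailer() {
  find "$1" -type f \( -name 'class.phpmailer.php' -o -name 'PHPMailer.php' \) | while read -r f; do
    v=$(phpmailer_version "$f")
    [ -z "$v" ] && continue
    if version_lt "$v" "$FIXED_VERSION"; then
      status=VULNERABLE
    else
      status=ok
    fi
    printf '%s %s %s\n' "$f" "$v" "$status"
  done
}

# Constructed sample tree (stub files, not real PHPMailer code): one legacy
# 5.2.0 copy and one Composer-vendored 6.9.1 copy. Prints the tree's path.
make_sample_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/legacy" "$d/vendor/phpmailer/phpmailer/src"
  printf "<?php\nclass PHPMailer {\n  public \$Version = '5.2.0';\n}\n" > "$d/legacy/class.phpmailer.php"
  printf "<?php\nclass PHPMailer {\n  const VERSION = '6.9.1';\n}\n" > "$d/vendor/phpmailer/phpmailer/src/PHPMailer.php"
  printf '%s\n' "$d"
}

# Usage: sh scan.sh /var/www   (scans a real tree)
#        sh scan.sh            (scans the constructed sample tree)
if [ $# -gt 0 ]; then
  check_phpmailer "$1"
else
  check_phpmailer "$(make_sample_tree)"
fi
```

Run it against the document roots and vendor directories of every PHP application on the host; a VULNERABLE line for a file under an application you did not write (a CMS bundle, a plugin) still counts, and the fix is to upgrade that application or its bundled copy rather than only your own Composer dependency.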

Affected Packages

packagist (Composer): phpmailer/phpmailer

Affected Products

PHPMailer Project / PHPMailer

How to fix

  1. Upgrade to PHPMailer version 5.2.3 or later. The first fixed release is at https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.3, but prefer the current release from the same releases page, and upgrade every copy found on the host, including copies bundled inside other applications.
  2. If an immediate upgrade isn't possible, reduce exposure until you can: reject or strip CR and LF characters from every user-supplied value that reaches the mailer (recipient addresses, names, subject), do not place user input into message bodies or headers unvalidated, and restrict which fields end users can populate at all. These are general email-injection mitigations, not a substitute for the upgrade.