PHPMailer is a popular open-source library used for sending emails in PHP applications. This vulnerability allows attackers to inject arbitrary commands into the email body, potentially leading to code execution on the server.
You're affected if you use PHPMailer version 5.6.0 or earlier. Locate installed copies with:

    find / -name "PHPMailer.php" 2>/dev/null
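The `find` check above only locates files. As an added example (not from the original page or the PHPMailer project), this script also reads the version each copy declares and compares it with the 5.6.0 threshold stated here. It assumes the version appears as `const VERSION = '...'` or `public $Version = '...'` in the class file and that older copies may be named `class.phpmailer.php`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list PHPMailer copies under a directory with their declared
# version, flagging those at or below the threshold stated on this page.

THRESHOLD="5.6.0"   # last affected version according to this page

# ver_le A B: succeed when dotted version A <= B (numeric, field by field).
ver_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# phpmailer_version FILE: print the first version string declared in FILE.
# Assumption: it is declared as  const VERSION = 'x.y.z';
# or, in older layouts, as       public $Version = 'x.y.z';
phpmailer_version() {
    sed -n \
      -e "s/.*const VERSION[[:space:]]*=[[:space:]]*['\"]\([0-9][0-9.]*\)[^'\"]*['\"].*/\1/p" \
      -e "s/.*\$Version[[:space:]]*=[[:space:]]*['\"]\([0-9][0-9.]*\)[^'\"]*['\"].*/\1/p" \
      "$1" | head -n 1
}

# scan_phpmailer DIR: print STATUS<TAB>VERSION<TAB>PATH for each copy found.
# Assumption: class.phpmailer.php is searched in addition to PHPMailer.php.
scan_phpmailer() {
    find "$1" -type f \( -name 'PHPMailer.php' -o -name 'class.phpmailer.php' \) 2>/dev/null |
    while IFS= read -r f; do
        v=$(phpmailer_version "$f")
        if [ -z "$v" ]; then status="UNKNOWN"; v="-"
        elif ver_le "$v" "$THRESHOLD"; then status="AFFECTED"
        else status="OK"; fi
        printf '%s\t%s\t%s\n' "$status" "$v" "$f"
    done
}

# Run against a directory when one is given, e.g.:  sh scan.sh /var/www
if [ "$#" -gt 0 ]; then scan_phpmailer "$1"; fi
```

Copies reported as UNKNOWN declare no version in a recognised form and need manual inspection.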
Note: This is a relatively old library, and it's recommended to upgrade to a more secure version. However, since PHPMailer has been deprecated in favor of SwiftMailer, this vulnerability might not be as critical for new projects.
- Upgrade to PHPMailer version 5.6.1 or later from the official GitHub repository: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.6.1
- Alternatively, consider using a more modern email library like SwiftMailer (https://swiftmailer.org/) for new projects.