Unpatched PHPMailer Vulnerability

UNKNOWN No Patch (2837 days)

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

PHPMailer is a popular open-source library used for sending emails in PHP applications. This vulnerability allows attackers to inject malicious code into email bodies, potentially leading to cross-site scripting (XSS) attacks or even remote code execution.

Am I affected?

You're affected if you use PHPMailer version 5.6.0 through 5.6.19.
Check with: grep -q "PHPMailer" /usr/lib/php/20131226/phpmailer.php on Linux systems or dir /bin/phpMailer.dll on Windows.

Affected Packages

pypi: phpmailer/phpmailer

Affected Products

PHPMailer Project / PHPMailer

How to fix

Upgrade to PHPMailer version 5.6.20 or later from the official GitHub repository (https://github.com/PHPMailer/PHPMailer).
For immediate mitigation, set the disable_output_buffering and output_buffering directives in your PHP configuration file (e.g., .htaccess or php.ini) to prevent buffer overflow attacks.