PHPMailer is a popular open-source library used for sending emails in PHP applications. This vulnerability allows attackers to inject malicious code into email bodies, potentially leading to cross-site scripting (XSS) attacks or even remote command execution.
You're affected if you use PHPMailer version 5.2.0 through 5.6.0. Check with: find / -name "PHPMailer.php" 2>/dev/null
Note: This is a relatively old library, and its usage has declined in recent years. If you don't recognize the name, you're probably not affected.
Upgrade to PHPMailer version 5.6.1 or later.
- Alternatively, use the patched version available on GitHub: https://github.com/PHPMailer/PHPMailer