Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1807 — Infinite Loop in Libphp-phpmailer

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

16.4%

top 5.12%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Libphp-phpmailer Phpmailer

Timeline

PublishedMay 28

Latest updateMay 1

Description

The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/libphp-phpmailer< libphp-phpmailer 1.73 (bookworm)

▶NVDphpmailer/phpmailer1.72

🔴Vulnerability Details

GHSA

GHSA-2qwp-42gw-8pfq: The Data function in class↗2022-05-01

▶

OSV

CVE-2005-1807: The Data function in class↗2005-05-28

▶

💥Exploits & PoCs

Exploit-DB

PHPMailer 1.7 - 'Data()' Remote Denial of Service↗2005-05-28

▶

📋Vendor Advisories

Debian

CVE-2005-1807: libphp-phpmailer - The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote...↗2005

▶