CVE-2017-5223
published 2017-01-16CVE-2017-5223: An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email…
PriorityP431medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
EXPLOIT
EPSS
2.14%
79.8th percentile
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libphp-phpmailer | < libphp-phpmailer 5.2.14+dfsg-2.3 (bookworm) | libphp-phpmailer 5.2.14+dfsg-2.3 (bookworm) |
| phpmailer | phpmailer | >= 5.0.0 < 5.2.22 | 5.2.22 |
| phpmailer_project | phpmailer | <= 5.2.21 | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
ghsa5.5MEDIUM
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
libphp-phpmailer vulnerability
osv·2023-03-15·CVSS 9.8
CVE-2017-11503 [CRITICAL] libphp-phpmailer vulnerability
libphp-phpmailer vulnerability
USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the
fix for CVE-2017-11503 was incomplete. This update fixes the problem.
Original advisory details:
Dawid Golunski discovered that PHPMailer was not properly escaping user
input data used as arguments to functions executed by the system shell. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 ESM. (CVE-2016-10033, CVE-2016-10045)
It was discovered that PHPMailer was not properly escaping characters
in certain fields of the code_generator.php example code. An attacker
could possibly use this issue to conduct cross-site scripting (XSS)
attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04
ESM. (CVE-2017-11503)
Yo
OSV
libphp-phpmailer vulnerabilities
osv·2023-03-15·CVSS 9.8
CVE-2016-10033 [CRITICAL] libphp-phpmailer vulnerabilities
libphp-phpmailer vulnerabilities
Dawid Golunski discovered that PHPMailer was not properly escaping user
input data used as arguments to functions executed by the system shell. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 ESM. (CVE-2016-10033, CVE-2016-10045)
It was discovered that PHPMailer was not properly escaping characters
in certain fields of the code_generator.php example code. An attacker
could possibly use this issue to conduct cross-site scripting (XSS)
attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04
ESM. (CVE-2017-11503)
Yongxiang Li discovered that PHPMailer was not properly converting
relative paths provided as user input when adding attachments to messages,
which could lead to relative im
OSV
Local file disclosure in PHPMailer
osv·2020-03-05·CVSS 5.5
CVE-2017-5223 [MEDIUM] Local file disclosure in PHPMailer
Local file disclosure in PHPMailer
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's `msgHTML` method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to `/`, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
### Impact
Arbitrary local files can be attached to email messages.
### Patches
Fixed in 5.2.22
### Workarounds
Validate input before using user-supplied file paths.
GHSA
Local file disclosure in PHPMailer
ghsa·2020-03-05·CVSS 5.5
CVE-2017-5223 [MEDIUM] CWE-200 Local file disclosure in PHPMailer
Local file disclosure in PHPMailer
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's `msgHTML` method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to `/`, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
### Impact
Arbitrary local files can be attached to email messages.
### Patches
Fixed in 5.2.22
### Workarounds
Validate input before using user-supplied file paths.
OSV
CVE-2017-5223: An issue was discovered in PHPMailer before 5
osv·2017-01-16·CVSS 5.5
CVE-2017-5223 [MEDIUM] CVE-2017-5223: An issue was discovered in PHPMailer before 5
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
Ubuntu
PHPMailer vulnerabilities
vendor_ubuntu·2023-03-15·CVSS 9.8
CVE-2021-3603 [CRITICAL] PHPMailer vulnerabilities
Title: PHPMailer vulnerabilities
Summary: Several security issues were fixed in PHPMailer.
Dawid Golunski discovered that PHPMailer was not properly escaping user
input data used as arguments to functions executed by the system shell. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 ESM. (CVE-2016-10033, CVE-2016-10045)
It was discovered that PHPMailer was not properly escaping characters
in certain fields of the code_generator.php example code. An attacker
could possibly use this issue to conduct cross-site scripting (XSS)
attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04
ESM. (CVE-2017-11503)
Yongxiang Li discovered that PHPMailer was not properly converting
relative paths provided as user input when addi
Ubuntu
PHPMailer vulnerability
vendor_ubuntu·2023-03-15·CVSS 9.8
CVE-2017-11503 [CRITICAL] PHPMailer vulnerability
Title: PHPMailer vulnerability
Summary: An incomplete fix was discovered in PHPMailer.
USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the
fix for CVE-2017-11503 was incomplete. This update fixes the problem.
Original advisory details:
Dawid Golunski discovered that PHPMailer was not properly escaping user
input data used as arguments to functions executed by the system shell. An
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 16.04 ESM. (CVE-2016-10033, CVE-2016-10045)
It was discovered that PHPMailer was not properly escaping characters
in certain fields of the code_generator.php example code. An attacker
could possibly use this issue to conduct cross-site scripting (XSS)
attacks. This issue was only fixed in Ub
Debian
CVE-2017-5223: libphp-phpmailer - An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method a...
vendor_debian·2017·CVSS 5.5
CVE-2017-5223 [MEDIUM] CVE-2017-5223: libphp-phpmailer - An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method a...
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
Scope: local
bookworm: resolved (fixed in 5.2.14+dfsg-2.3)
bullseye: resolved (fixed in 5.2.14+dfsg-2.3)
forky: resolved (fixed in 5.2.14+dfsg-2.3)
sid: resolved (fixed in 5.2.14+dfsg-2.3)
trixie: resolved (fix
No detection rules found.
http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/http://www.securityfocus.com/bid/95328https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.mdhttps://www.exploit-db.com/exploits/43056/http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/http://www.securityfocus.com/bid/95328https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.mdhttps://www.exploit-db.com/exploits/43056/
2017-01-16
Published