CVE-2018-19296
published 2018-11-16

CVE-2018-19296: PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

Priority P341 · high · 8.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.21% (80.4th percentile)

Affected

34 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | libphp-phpmailer | < libphp-phpmailer 6.2.0-2 (bookworm) | libphp-phpmailer 6.2.0-2 (bookworm) |
| debian | libphp-phpmailer | < libphp-phpmailer 5.2.14+dfsg-2.4 (bookworm) | libphp-phpmailer 5.2.14+dfsg-2.4 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| phpmailer | phpmailer | >= 5.0.0 < 5.2.27 | 5.2.27 |
| phpmailer | phpmailer | >= 6.0.0 < 6.0.6 | 6.0.6 |
| phpmailer | phpmailer | >= 6.1.8 < 6.4.1 | 6.4.1 |
| phpmailer_project | phpmailer | < 5.2.27 | 5.2.27 |
| phpmailer_project | phpmailer | >= 6.0.0 < 6.0.6 | 6.0.6 |
| phpmailer_project | phpmailer | 6.1.8 – 6.4.0 | |
| wordpress | wordpress | >= 3.7 < 3.7.36 | 3.7.36 |
| wordpress | wordpress | 3.7 – 5.7 | |
| wordpress | wordpress | >= 3.8 < 3.8.36 | 3.8.36 |
| wordpress | wordpress | >= 3.9 < 3.9.34 | 3.9.34 |
| wordpress | wordpress | >= 4.0 < 4.0.33 | 4.0.33 |
| wordpress | wordpress | >= 4.1 < 4.1.33 | 4.1.33 |
| wordpress | wordpress | >= 4.2 < 4.2.30 | 4.2.30 |
| wordpress | wordpress | >= 4.3 < 4.3.26 | 4.3.26 |
| wordpress | wordpress | >= 4.4 < 4.4.25 | 4.4.25 |
| wordpress | wordpress | >= 4.5 < 4.5.24 | 4.5.24 |
| wordpress | wordpress | >= 4.6 < 4.6.21 | 4.6.21 |
| wordpress | wordpress | >= 4.7 < 4.7.21 | 4.7.21 |
| wordpress | wordpress | >= 4.8 < 4.8.17 | 4.8.17 |

CVSS provenance

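| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| ghsa | | 8.8 | HIGH | |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 8.8 | HIGH | |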