CVE-2021-34551: Unrestricted File Upload in Project Phpmailer

Severity: 8.1 HIGH (NVD)
EPSS: 2.1% (top 15.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 16; Latest update Jun 22

Description

PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

Packagist: phpmailer/phpmailer < 6.5.0

Also affects: Fedora 33, 34

🔴 Vulnerability Details (3)

OSV: Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows (2021-06-22)
GHSA: Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows (2021-06-22)
CVEList: CVE-2021-34551: PHPMailer before 6 (2021-06-16)

📋 Vendor Advisories (1)

Debian: CVE-2021-34551: libphp-phpmailer - PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is u... (2021)