CVE-2021-34551
Published 2021-06-16
CVE-2021-34551: PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
Priority: P3 49 | Severity: high | CVSS 3.1 base score: 8.1
EPSS: 2.80% (84.7th percentile)
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libphp-phpmailer | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| phpmailer | phpmailer | >= 0 < 6.5.0 | 6.5.0 |
| phpmailer_project | phpmailer | < 6.5.0 | 6.5.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| ghsa | — | 8.1 | HIGH | — |
| osv | — | 8.1 | HIGH | — |
| vendor_debian | — | 8.1 | LOW | — |
Debian
CVE-2021-34551: libphp-phpmailer - PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is u...
vendor_debian·2021·CVSS 8.1
CVE-2021-34551 [HIGH] CVE-2021-34551: libphp-phpmailer - PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is u...
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
OSV
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
osv·2021-06-22·CVSS 8.1
CVE-2021-34551 [HIGH] Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
PHPMailer 6.4.1 contains a possible remote code execution vulnerability through the `$lang_path` parameter of the `setLanguage()` method. If the `$lang_path` parameter is passed unfiltered from user input, it can be set to [a UNC path](https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats#unc-paths), and if an attacker is also able to create a remote mount on the server that the UNC path points to, a script file under their control may be executed.
### Impact
Arbitrary code may be run by a remote attacker under the web server or PHP process running on Windows hosts.
### Patches
Mitigated in PHPMailer 6.5.0 by no longer treating translation files as PHP code, but by parsing their text content directly.
GHSA
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
ghsa·2021-06-22·CVSS 8.1
CVE-2021-34551 [HIGH] CWE-434 Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
PHPMailer 6.4.1 contains a possible remote code execution vulnerability through the `$lang_path` parameter of the `setLanguage()` method. If the `$lang_path` parameter is passed unfiltered from user input, it can be set to [a UNC path](https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats#unc-paths), and if an attacker is also able to create a remote mount on the server that the UNC path points to, a script file under their control may be executed.
### Impact
Arbitrary code may be run by a remote attacker under the web server or PHP process running on Windows hosts.
### Patches
Mitigated in PHPMailer 6.5.0 by no longer treating translation files as PHP code, but by parsing their text content directly.
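The OSV and GHSA descriptions above both come down to one condition: `$lang_path` reaching `setLanguage()` from untrusted input while the library still `include`d translation files. The following is an added example (not PHPMailer's own code) of how an application on a pre-6.5.0 version can keep that parameter under its control: the language code is allowlisted, the directory is fixed, and a confinement check rejects UNC paths and anything that resolves outside the bundled language directory. The `LANG_DIR` location and the allowlist contents are assumptions for this example.

```php
<?php
// Added example, not part of PHPMailer. Assumes PHPMailer 6.x via Composer.
use PHPMailer\PHPMailer\PHPMailer;

// Assumed location of the bundled translation files.
const LANG_DIR = __DIR__ . '/vendor/phpmailer/phpmailer/language/';
// Assumed allowlist of language codes the application actually ships.
const ALLOWED_LANGS = ['en', 'de', 'fr', 'es'];

/** True for UNC-style paths: \\server\share, //server/share, \\?\UNC\... */
function isUncPath(string $path): bool
{
    // Single-quoted '\\\\' is two literal backslashes.
    return str_starts_with($path, '\\\\')
        || str_starts_with($path, '//')
        || stripos($path, '\\\\?\\UNC\\') === 0;
}

/**
 * Confine a configured (never request-supplied) language directory to
 * LANG_DIR. Returns the canonical path with a trailing separator, or null
 * if the value is a UNC path, does not exist, or escapes the base directory.
 */
function resolveLangPath(string $configured): ?string
{
    if (isUncPath($configured)) {
        return null;
    }
    $real = realpath($configured);   // false for missing paths and stream wrappers
    $base = realpath(LANG_DIR);
    if ($real === false || $base === false) {
        return null;
    }
    // Prefix check on canonical paths: a symlink or ../ cannot leave $base.
    if (strncmp($real, $base, strlen($base)) !== 0) {
        return null;
    }
    return rtrim($real, '/\\') . DIRECTORY_SEPARATOR;
}

/** Apply a user-chosen language code; the path itself is never user data. */
function configureMailerLanguage(PHPMailer $mail, string $langcode): void
{
    if (!in_array($langcode, ALLOWED_LANGS, true)) {
        $langcode = 'en';            // unknown code falls back, never errors out
    }
    $path = resolveLangPath(LANG_DIR);
    if ($path === null) {
        throw new RuntimeException('Language directory is missing or unsafe');
    }
    $mail->setLanguage($langcode, $path);
}
```

On a Windows host, `realpath()` of a reachable UNC share can succeed, which is why the explicit UNC check runs before the base-directory comparison rather than relying on that comparison alone.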
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM/