Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-363-1 | libphp-phpmailer security update |
![]() |
DSA-3416-1 | libphp-phpmailer security update |
![]() |
EUVD-2020-0337 | Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796. |
![]() |
GHSA-738m-f33v-qc2r | SMTP Injection in PHPMailer |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T08:20:42.645Z
Reserved: 2015-12-04T00:00:00
Link: CVE-2015-8476

No data.

Status : Deferred
Published: 2015-12-16T21:59:05.313
Modified: 2025-04-12T10:46:40.837
Link: CVE-2015-8476

No data.

No data.