Arbitrary file disclosure in PHPMailer
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-5223 |
| CWE-ID | CWE-200 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
PHPMailer Web applications / Other software |
| Vendor | phpmailer.sourceforge.net |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU4756
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-5223
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain access to potentially sensitive information.
The vulnerability exists in PHPMailer before 5.2.22 when handling HTML documents using msgHTML() method. A remote attacker can create a specially crafted message, containing relative links to images withing message and attach arbitrary local file to e-mail message.
Successful exploitation of this vulnerability may allow an attacker to send out arbitrary system files as email attachments.
Update to version 5.2.22.
PHPMailer: 5.2 - 5.2.21
External linkshttp://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-an...
http://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
