ID:794 - Exploit for Information disclosure in PHPMailer - CVE-2017-5223
Published: March 18, 2020
Vulnerability identifier: #VU4756
Vulnerability risk: Medium
CVE-ID: CVE-2017-5223
CWE-ID: CWE-200
Exploitation vector: Remote access
Vulnerable software:
PHPMailer
Vulnerability description
The vulnerability allows a remote attacker to obtain access to potentially sensitive information.
The vulnerability exists in PHPMailer before 5.2.22 when handling HTML documents using the msgHTML() method. A remote attacker can create a specially crafted message containing relative links to images within the message and attach an arbitrary local file to the e-mail message.
Successful exploitation of this vulnerability may allow an attacker to send out arbitrary system files as email attachments.
Remediation
Update to version 5.2.22.