CVE-2015-8476

EUVD-2020-0337
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:N/I:P/A:N |
EPSS Score percentile: 76%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 6.0 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| phpmailer_project | phpmailer | x ≤ 5.2.13 |

x = Vulnerable software versions
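Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| libphp-phpmailer | bookworm | 6.6.3-1 | fixed |
| libphp-phpmailer | bullseye | 6.2.0-2 | fixed |
| libphp-phpmailer | sid | 6.9.1-1 | fixed |
| libphp-phpmailer | trixie | 6.9.1-1 | fixed |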
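Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| libphp-phpmailer | precise | Fixed 5.1-1+deb6u11build0.12.04.1 | released |
| libphp-phpmailer | trusty | Fixed 5.1-1+deb6u11build0.14.04.1 | released |
| libphp-phpmailer | vivid | Fixed 5.2.9+dfsg-2+deb8u1build0.15.04.1 | released |
| libphp-phpmailer | wily | | ignored |
| libphp-phpmailer | xenial | | not-affected |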