VDB
BIT-phpmailer-2020-13625
BIT-phpmailer-2020-13625
PUBLISHED
CVSS 7.5 HIGH
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | phpmailer | 0, 0, 0 |
| Bitnami | phpmailer |
Timeline
- Mar 6, 2024 CVE Published
- Apr 3, 2025 CVE Updated
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html url
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html url
- https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6 url
- https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj url
- https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html url
- https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ/ url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX/ url
- https://usn.ubuntu.com/4505-1/ url
- https://nvd.nist.gov/vuln/detail/CVE-2020-13625 url