VDB

GCVE-110-MAGEIA-2015-484

GCVE-110-MAGEIA-2015-484
Advisory Published
Vulnetix · Advisory published December 24, 2015
Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack (CVE-2015-8476).

Affected Products

VendorProductVersionsPlatforms
Mageiaphp-phpmailer0 (affected), 5.2.14-1.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›