PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Max CVSS
6.8
EPSS Score
1.56%
Published
2007-06-14
Updated
2018-10-16
The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.
Max CVSS
5.0
EPSS Score
11.92%
Published
2005-05-28
Updated
2011-03-08
2 vulnerabilities found