
    3 vulnerabilities by PHPMailer

    CVE-2021-3603 (GCVE-0-2021-3603)

    Vulnerability from cvelistv5 – Published: 2021-06-17 12:09 – Updated: 2024-08-03 17:01
    VLAI
    Title
    Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer
    Summary
    PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names.
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    PHPMailer PHPMailer Affected: unspecified , < 6.5.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:01:07.074Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3"
              },
              {
                "name": "FEDORA-2021-bfc34b3d5c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM/"
              },
              {
                "name": "FEDORA-2021-ef548cb234",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PHPMailer",
              "vendor": "PHPMailer",
              "versions": [
                {
                  "lessThan": "6.5.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project\u0027s scope by other means). If the $patternselect parameter to validateAddress() is set to \u0027php\u0027 (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-26T02:06:18.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3"
            },
            {
              "name": "FEDORA-2021-bfc34b3d5c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM/"
            },
            {
              "name": "FEDORA-2021-ef548cb234",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ/"
            }
          ],
          "source": {
            "advisory": "1-PHPMailer/PHPMailer",
            "discovery": "EXTERNAL"
          },
          "title": "Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-3603",
              "STATE": "PUBLIC",
              "TITLE": "Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHPMailer",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHPMailer"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project\u0027s scope by other means). If the $patternselect parameter to validateAddress() is set to \u0027php\u0027 (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/",
                  "refsource": "CONFIRM",
                  "url": "https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/"
                },
                {
                  "name": "https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3",
                  "refsource": "MISC",
                  "url": "https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3"
                },
                {
                  "name": "FEDORA-2021-bfc34b3d5c",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM/"
                },
                {
                  "name": "FEDORA-2021-ef548cb234",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ/"
                }
              ]
            },
            "source": {
              "advisory": "1-PHPMailer/PHPMailer",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-3603",
        "datePublished": "2021-06-17T12:09:42.000Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:01:07.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3215 (GCVE-0-2007-3215)

    Vulnerability from cvelistv5 – Published: 2007-06-14 22:00 – Updated: 2024-08-07 14:05
    VLAI
    Summary
    PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/471065/100… mailing-list, x_refsource_BUGTRAQ
    http://www.debian.org/security/2007/dsa-1315 vendor-advisory, x_refsource_DEBIAN
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://secunia.com/advisories/25755 third-party-advisory, x_refsource_SECUNIA
    http://securityreason.com/securityalert/2802 third-party-advisory, x_refsource_SREASON
    http://osvdb.org/76139 vdb-entry, x_refsource_OSVDB
    http://www.securityfocus.com/bid/24417 vdb-entry, x_refsource_BID
    https://sourceforge.net/tracker/index.php?func=de… x_refsource_MISC
    http://osvdb.org/37206 vdb-entry, x_refsource_OSVDB
    http://www.vupen.com/english/advisories/2007/2267 vdb-entry, x_refsource_VUPEN
    http://larholm.com/2007/06/11/phpmailer-0day-remo… x_refsource_MISC
    http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.… x_refsource_MISC
    http://secunia.com/advisories/25626 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/25758 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/2161 vdb-entry, x_refsource_VUPEN
    http://seclists.org/fulldisclosure/2011/Oct/223 mailing-list, x_refsource_FULLDISC
    Date Public
    2007-06-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:05:29.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070611 PHPMailer command execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"
              },
              {
                "name": "DSA-1315",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1315"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374"
              },
              {
                "name": "phpmailer-popen-command-execution(34818)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
              },
              {
                "name": "25755",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25755"
              },
              {
                "name": "2802",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2802"
              },
              {
                "name": "76139",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/76139"
              },
              {
                "name": "24417",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24417"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707"
              },
              {
                "name": "37206",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37206"
              },
              {
                "name": "ADV-2007-2267",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2267"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
              },
              {
                "name": "25626",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25626"
              },
              {
                "name": "25758",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25758"
              },
              {
                "name": "ADV-2007-2161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2161"
              },
              {
                "name": "20111005 vTiger CRM 5.2.x \u003c= Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2011/Oct/223"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070611 PHPMailer command execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"
            },
            {
              "name": "DSA-1315",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1315"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374"
            },
            {
              "name": "phpmailer-popen-command-execution(34818)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
            },
            {
              "name": "25755",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25755"
            },
            {
              "name": "2802",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2802"
            },
            {
              "name": "76139",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/76139"
            },
            {
              "name": "24417",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24417"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707"
            },
            {
              "name": "37206",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37206"
            },
            {
              "name": "ADV-2007-2267",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2267"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
            },
            {
              "name": "25626",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25626"
            },
            {
              "name": "25758",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25758"
            },
            {
              "name": "ADV-2007-2161",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2161"
            },
            {
              "name": "20111005 vTiger CRM 5.2.x \u003c= Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2011/Oct/223"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070611 PHPMailer command execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/471065/100/0/threaded"
                },
                {
                  "name": "DSA-1315",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1315"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=517428\u0026group_id=157374"
                },
                {
                  "name": "phpmailer-popen-command-execution(34818)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34818"
                },
                {
                  "name": "25755",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25755"
                },
                {
                  "name": "2802",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2802"
                },
                {
                  "name": "76139",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/76139"
                },
                {
                  "name": "24417",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24417"
                },
                {
                  "name": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1734811\u0026group_id=26031\u0026atid=385707"
                },
                {
                  "name": "37206",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37206"
                },
                {
                  "name": "ADV-2007-2267",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2267"
                },
                {
                  "name": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/",
                  "refsource": "MISC",
                  "url": "http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/"
                },
                {
                  "name": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce",
                  "refsource": "MISC",
                  "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce"
                },
                {
                  "name": "25626",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25626"
                },
                {
                  "name": "25758",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25758"
                },
                {
                  "name": "ADV-2007-2161",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2161"
                },
                {
                  "name": "20111005 vTiger CRM 5.2.x \u003c= Remote Code Execution Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2011/Oct/223"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3215",
        "datePublished": "2007-06-14T22:00:00.000Z",
        "dateReserved": "2007-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:05:29.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1807 (GCVE-0-2005-1807)

    Vulnerability from cvelistv5 – Published: 2005-06-01 04:00 – Updated: 2024-08-07 22:06
    VLAI
    Summary
    The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/2242 vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/0448 vdb-entry, x_refsource_VUPEN
    http://securitytracker.com/id?1014069 vdb-entry, x_refsource_SECTRACK
    http://www.cybsec.com/vuln/PHPMailer-DOS.pdf x_refsource_MISC
    http://seclists.org/lists/bugtraq/2005/May/0337.html mailing-list, x_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/13805 vdb-entry, x_refsource_BID
    http://secunia.com/advisories/25726 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/15543 third-party-advisory, x_refsource_SECUNIA
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    http://secunia.com/advisories/18732 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2005-05-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:06:57.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-2242",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2242"
              },
              {
                "name": "ADV-2006-0448",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0448"
              },
              {
                "name": "1014069",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014069"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cybsec.com/vuln/PHPMailer-DOS.pdf"
              },
              {
                "name": "20050530 CYBSEC - PHPMailer Infinite Loop Denial of Service",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/lists/bugtraq/2005/May/0337.html"
              },
              {
                "name": "13805",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13805"
              },
              {
                "name": "25726",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25726"
              },
              {
                "name": "15543",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15543"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=341210\u0026group_id=26031"
              },
              {
                "name": "18732",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18732"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-05-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2006-01-17T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-2242",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2242"
            },
            {
              "name": "ADV-2006-0448",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0448"
            },
            {
              "name": "1014069",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014069"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cybsec.com/vuln/PHPMailer-DOS.pdf"
            },
            {
              "name": "20050530 CYBSEC - PHPMailer Infinite Loop Denial of Service",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/lists/bugtraq/2005/May/0337.html"
            },
            {
              "name": "13805",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13805"
            },
            {
              "name": "25726",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25726"
            },
            {
              "name": "15543",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15543"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=341210\u0026group_id=26031"
            },
            {
              "name": "18732",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18732"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-1807",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-2242",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2242"
                },
                {
                  "name": "ADV-2006-0448",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0448"
                },
                {
                  "name": "1014069",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014069"
                },
                {
                  "name": "http://www.cybsec.com/vuln/PHPMailer-DOS.pdf",
                  "refsource": "MISC",
                  "url": "http://www.cybsec.com/vuln/PHPMailer-DOS.pdf"
                },
                {
                  "name": "20050530 CYBSEC - PHPMailer Infinite Loop Denial of Service",
                  "refsource": "BUGTRAQ",
                  "url": "http://seclists.org/lists/bugtraq/2005/May/0337.html"
                },
                {
                  "name": "13805",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13805"
                },
                {
                  "name": "25726",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25726"
                },
                {
                  "name": "15543",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15543"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=341210\u0026group_id=26031",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=341210\u0026group_id=26031"
                },
                {
                  "name": "18732",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18732"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-1807",
        "datePublished": "2005-06-01T04:00:00.000Z",
        "dateReserved": "2005-06-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:06:57.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }