CVE-2021-34551
HIGH 8.1
EPSS 2.1%
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
Published: 6/22/2021
Modified: 4/3/2025
Description
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
Affected packages (2)
- Bitnami/phpmailer: from 0, < 6.5.0
- Packagist/phpmailer/phpmailer: from 0, < 6.5.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (10)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-34551
- WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2021-34551.yaml
- WEB https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
- WEB https://github.com/PHPMailer/PHPMailer/commit/acd264bf17ff4ac5c915f0d4226dce8a9ea70bc3
- WEB https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.0
- WEB https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-7q44-r25x-wm4q
- WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ/
- WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM/
- WEB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ
- WEB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM