Vulnerabilities > Phpmailer Project > Phpmailer > 5.2.23

DATE | CVE | VULNERABILITY TITLE | RISK

2021-06-17 | CVE-2021-3603 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products | 8.1
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means).
network, high complexity; phpmailer-project, fedoraproject; CWE-829

2021-06-16 | CVE-2021-34551 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products | 8.1
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
network, high complexity; phpmailer-project, fedoraproject; CWE-434

2020-06-08 | CVE-2020-13625 | Improper Encoding or Escaping of Output vulnerability in multiple products | 7.5
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character.

2018-11-16 | CVE-2018-19296 | PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | 8.8

2017-07-20 | CVE-2017-11503 | Cross-site Scripting vulnerability in PHPmailer Project PHPmailer 5.2.23 | 4.3
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.