Vulnerabilities > Phpmailer Project > Phpmailer > 6.4.0

DATE CVE VULNERABILITY TITLE RISK
2021-06-17 CVE-2021-3603 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means).
network
high complexity
phpmailer-project fedoraproject CWE-829
8.1
8.1
2021-06-16 CVE-2021-34551 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
network
high complexity
phpmailer-project fedoraproject CWE-434
8.1
8.1
2021-04-28 CVE-2020-36326 Deserialization of Untrusted Data vulnerability in multiple products
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname.
network
low complexity
phpmailer-project wordpress CWE-502
critical
 9.8
9.8