PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into

PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: th

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and cons

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequ

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacte

The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite