Posted - 07/27/2021 : 18:56:20
Hello ,
Is there a fix already for the following code vulnerability? vsadmin/inc/class.phpmailer.php
class.phpmailer.php
Code injection Patch ID: 4466 Name: [CVE-2020-36326 - CVE-2018-19296] Object injection Description: CVE-2020-36326 - An external file could be unexpectedly executable if it was used as a path to an attachment file via PHP's support for .phar files`. Exploitation requires that an attacker was able to provide an unfiltered path to a file to attach. CVE-2018-19296 - Was vulnerable to an object injection attack by passing phar:// paths into addAttachment() and other functions that could receive unfiltered local paths, possibly lead to RCE.
|