Arbitrary Object injection

Affecting phpmailer/phpmailer package, versions >=5.0.0, <5.2.27 || >=6.0.0, <6.0.6

high severity

Overview

phpmailer/phpmailer is a full-featured email creation and transfer class for PHP.

Affected versions of this package are vulnerable to Object Injection.

Remediation

Upgrade phpmailer/phpmailer to version 5.2.27, 6.0.6 or higher.
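
To check whether a project's composer.lock pins a PHPMailer version inside the affected ranges listed above, a script along these lines can be used. It is an added example, not code from Snyk or the PHPMailer project. The sample lock content is constructed, and versions that are not plain numeric releases (dev branches, pre-release suffixes) are reported as unknown rather than guessed.

```python
import json
import re

PACKAGE = "phpmailer/phpmailer"
# Affected ranges from this advisory: lower bound inclusive, upper bound exclusive.
AFFECTED = [((5, 0, 0), (5, 2, 27)), ((6, 0, 0), (6, 0, 6))]


def parse_version(text):
    """Turn 'v6.0.5' or '5.2.26' into (6, 0, 5); None for anything non-numeric."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None  # e.g. 'dev-master' or '6.0.6-rc1': needs manual review
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version_text):
    """True or False for a comparable version, None when it cannot be compared."""
    version = parse_version(version_text)
    if version is None:
        return None
    return any(low <= version < high for low, high in AFFECTED)


def check_lock(lock_json):
    """Return (version, verdict) for each PHPMailer entry in a composer.lock document."""
    lock = json.loads(lock_json)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                version = pkg.get("version", "")
                findings.append((version, is_affected(version)))
    return findings


# Constructed sample lock file (not taken from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "phpmailer/phpmailer", "version": "v6.0.5"},
        {"name": "monolog/monolog", "version": "1.24.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    labels = {True: "AFFECTED, upgrade", False: "not affected", None: "unknown, review manually"}
    for version, verdict in check_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version}: {labels[verdict]}")
```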

Credit: Sehun Oh
CVE: CVE-2018-19296
CWE: CWE-94
Snyk ID: SNYK-PHP-PHPMAILERPHPMAILER-72616
Disclosed: 16 Nov, 2018
Published: 19 Nov, 2018