phpmailer/phpmailer is vulnerable to access control bypass. The vulnerability exists as the values of name in Content-Type
, and filename in Content-Disposition
were not sanitized, allowing values ending with ;.jpg
to trick mail filters to accept attachments with .jpg
extensions.
lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
github.com/advisories/GHSA-f7hx-fqxw-rvvj
github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3
github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6
github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
lists.debian.org/debian-lts-announce/2020/06/msg00014.html
lists.debian.org/debian-lts-announce/2020/08/msg00004.html
lists.fedoraproject.org/archives/list/[email protected]/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ/
lists.fedoraproject.org/archives/list/[email protected]/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX/
usn.ubuntu.com/4505-1/