EPSS
Percentile
99.0%
PHPMailer is vulnerable to local file inclusion. The vulnerability is possible because user supplied relative image URLs are treated as / absolute local file paths and are directly passed to the msgHTML() method.
/
msgHTML()
www.securityfocus.com/bid/95328
github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
github.com/PHPMailer/PHPMailer/commit/84c24bf257b87aa6de93cabb80de92b4ebed525f
github.com/PHPMailer/PHPMailer/commit/ad4cb09682682da2217799a0c521d4cdc6753402
github.com/PHPMailer/PHPMailer/releases