PHPMailer security update-CVE-2020-36326

February 11, 2022

NAME

PHPMailerPHPMailer

  • Platforms Affected:
    PHPMailer

  • Risk Level:
    low

  • CVE Type:
    Deserialization of untrusted data

DESCRIPTION

CVE-2020-36326 is a deserialization of untrusted data vulnerability impacting PHPMailer versions 6.1.8 through 6.4.0. A proof of concept (PoC) was not observed publicly or in the underground.

CVSS Information:

  • CVSS 2.0 SCORE: 7.5
  • CVSS 3.0 SCORE: 9.8

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:


  • PoC Link:

MITIGATION

PHPMailer addressed the vulnerability in GitHub software development platform saved commit change with a patch.

  • Reference Link:
    https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 15, 2024
CISA Logo

CISA: CISA Releases One Industrial Control Systems Advisory

November 15, 2024
CISA Logo

CISA: Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

November 15, 2024
CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 15, 2024
CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 15, 2024