Candidate: CVE-2017-5223

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5223
http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/
https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML
method applies transformations to an HTML document to make it usable as an
email message body. One of the transformations is to convert relative image
URLs into attachments using a script-provided base directory. If no base
directory is provided, it resolves to /, meaning that relative image URLs
get treated as absolute local file paths and added as attachments. To form
a remote vulnerability, the msgHTML method must be called, passed an
unfiltered, user-supplied HTML document, and must not set a base directory.

Patches_libphp-phpmailer:
upstream_libphp-phpmailer: needs-triage
precise_libphp-phpmailer: ignored (reached end-of-life)
precise/esm_libphp-phpmailer: DNE (precise was needs-triage)
trusty_libphp-phpmailer: needs-triage
vivid/stable-phone-overlay_libphp-phpmailer: DNE
vivid/ubuntu-core_libphp-phpmailer: DNE
xenial_libphp-phpmailer: needs-triage
yakkety_libphp-phpmailer: ignored (reached end-of-life)
zesty_libphp-phpmailer: ignored (reached end-of-life)
artful_libphp-phpmailer: needs-triage
bionic_libphp-phpmailer: needs-triage
devel_libphp-phpmailer: needs-triage