vulnerability
FreeBSD: VID-9B1699FF-D84C-11EB-92D6-1B6FF3DFE4D3 (CVE-2021-3603): mantis -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | 2021-04-28 | 2022-11-04 | 2022-11-04 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
2021-04-28
Added
2022-11-04
Modified
2022-11-04
Description
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names.
Solution(s)
freebsd-upgrade-package-mantis-php73freebsd-upgrade-package-mantis-php74freebsd-upgrade-package-mantis-php80
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.