CVE-2020-13625

Name
CVE-2020-13625
Description
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
Release Notes https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6
MLIST https://lists.debian.org/debian-lts-announce/2020/06/msg00014.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMH4TC5XTS3KZVGMSKEPPBZ2XTZCKKCX/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFM3BZABL6RUHTVMXSC7OFMP4CKWMRPJ/
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
MLIST https://lists.debian.org/debian-lts-announce/2020/08/msg00004.html
UBUNTU https://usn.ubuntu.com/4505-1/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:* phpmailer >= None < 6.1.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status