CVE-2020-36326

Deserialization of Untrusted Data in packagist/phpmailer/phpmailer

Identifier

CVE-2020-36326

Package Slug

packagist/phpmailer/phpmailer

Vulnerability

Deserialization of Untrusted Data

Description

PHPMailer allows object injection through Phar deserialization via the addAttachment with a UNC pathname.

Affected Versions

All versions starting from 6.1.8 up to 6.4.0

Solution

Upgrade to version 6.4.1 or above.

Last Modified

2021-05-10

source