CVE-2020-36326
packagist/phpmailer/phpmailer
Deserialization of Untrusted Data
PHPMailer allows object injection through Phar
deserialization via the addAttachment
with a UNC pathname.
All versions starting from 6.1.8 up to 6.4.0
Upgrade to version 6.4.1 or above.
2021-05-10
source |