CVE-2020-36326

Deserialization of Untrusted Data in packagist/phpmailer/phpmailer

Identifiers

CVE-2020-36326

Package Slug

packagist/phpmailer/phpmailer

Vulnerability

Deserialization of Untrusted Data

Description

PHPMailer allows object injection through Phar deserialization via addAttachment with a UNC pathname.

Affected Versions

All versions starting from 6.1.8 up to 6.4.0

Solution

Upgrade to version 6.4.1 or above.

Last Modified

2021-05-10
