Vulnerability Description
One or more packages that are used in your web application are affected by known vulnerabilities. Please consult the details section for more information about each affected package.
Impact
The impact of this vulnerability is different for each vulnerable package. It's recommended to investigate each vulnerable package individually.
Remediation
It's recommended to update the vulnerable packages to the latest version (if a fix exists). If a fix does not exist, you may want to suggest changes that address the vulnerability to the package maintainer or remove the package from your dependency tree.
Affects
http://testphp.vulnweb.com/vendor/installed.json
Attack Details
List of vulnerable composer packages:
Package: phpmailer/phpmailer
Version: 6.1.8.0
CVE: CVE-2021-34551
Title: Unrestricted Upload of File with Dangerous Type
Description: PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
CVSS V2: AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS V3: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-434
References:
Package: phpmailer/phpmailer
Version: 6.1.8.0
CVE: CVE-2021-3603
Title: Inclusion of Functionality from Untrusted Control Sphere
Description: PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names.
CVSS V2: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS V3: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-829
References:
Package: phpmailer/phpmailer
Version: 6.1.8.0
CVE: CVE-2020-36326
Title: Deserialization of Untrusted Data
Description: PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.
CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-502
References:
Package: phpunit/phpunit
Version: 5.6.2.0
CVE: CVE-2017-9841
Title: Improper Control of Generation of Code ('Code Injection')
Description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-94
References:
Package: smarty/smarty
Version: 4.0.0.0
CVE: CVE-2021-21408
Title: Improper Input Validation
Description: Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.
CVSS V2: AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-20
References:
Package: smarty/smarty
Version: 4.0.0.0
CVE: CVE-2021-29454
Title: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Description: Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.
CVSS V2: AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-74
References:
Package: smarty/smarty
Version: 4.0.0.0
CVE: CVE-2022-29221
Title: Improper Control of Generation of Code ('Code Injection')
Description: Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
CVSS V2: AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-94
References:
Package: verot/class.upload.php
Version: 2.0.1.0
CVE: CVE-2019-19576
Title: Unrestricted Upload of File with Dangerous Type
Description: class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-434
References:
Package: verot/class.upload.php
Version: 2.0.1.0
CVE: CVE-2019-19634
Title: Unrestricted Upload of File with Dangerous Type
Description: class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-434
References: