Open TheFox opened 4 years ago
PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment() and other functions that may receive unfiltered local paths, possibly leading to RCE.
See https://knasmueller.net/5-answers-about-php-phar-exploitation?cookie-state-change=1583482795465
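A caller-side guard for the case described in this issue, added here as an example; it is not part of the original report or of PHPMailer's code. The helper name `safeAttachmentPath`, the base directory and the sample inputs are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not a PHPMailer API: returns a resolved path inside
// $baseDir, or null if the input must not reach addAttachment().
function safeAttachmentPath(string $userPath, string $baseDir): ?string
{
    // Reject every scheme-style prefix (phar://, php://, http://, ...) BEFORE
    // any filesystem call: a file operation on a phar:// path is what
    // unserializes the archive's attacker-controlled metadata.
    if (preg_match('#^\s*[a-z][a-z0-9+.\-]*://#i', $userPath) === 1) {
        return null;
    }
    // NUL bytes have no place in a file name.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    // Resolve symlinks and ../, then require the result to stay under $baseDir.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $userPath);
    if ($base === false || $real === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($real) ? $real : null;
}

// Constructed sample inputs; the directory and file names are made up.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'attach_demo_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'report.pdf', 'constructed sample');

$inputs = ['report.pdf', 'phar://uploads/avatar.jpg/x', 'PHAR://uploads/a.jpg', '../../etc/passwd'];
foreach ($inputs as $input) {
    $path = safeAttachmentPath($input, $base);
    printf("%-30s %s\n", $input, $path === null ? 'rejected' : 'accepted');
    // Only a non-null $path would be handed on: $mail->addAttachment($path);
}

unlink($base . DIRECTORY_SEPARATOR . 'report.pdf');
rmdir($base);
```

Only `report.pdf` is accepted; the check is a defence in depth for callers and does not replace upgrading past the affected versions named above.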