PHPMailer vulnerability CVE-2018-19296

cmsimple-xh / xhshop

A simple shop for CMSimple_XH

GNU General Public License v3.0

4 stars 3 forks source link

Closed manu37 closed 3 years ago

manu37 commented 3 years ago

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. https://www.cvedetails.com/cve-details.php?cve_id=CVE-2018-19296

cmb69 commented 3 years ago

I don't think that XH-Shop is affected by that vulnerability, but we should upgrade to 6 anyway.