CVE-2017-5223

MEDIUM

PHPMailer <5.2.22 - Code Injection

Title source: llm

Description

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.

Exploits (2)

nomisec WORKING POC 1 stars

by cscli · poc

https://github.com/cscli/CVE-2017-5223

View Code ZIP pw:eip

exploitdb WORKING POC

by Maciek Krupa · pythonwebappsphp

https://www.exploit-db.com/exploits/43056

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95328

[Issue Tracking, Patch, Third Party Advisory] https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/43056/

Scores

CVSS v3 5.5

EPSS 0.1162

EPSS Percentile 93.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (3)

phpmailer_project/phpmailer < 5.2.21

phpmailer/phpmailer < 5.2.22Packagist

n/a/n/a

Timeline

Published Jan 16, 2017

Tracked Since Feb 18, 2026