CVE-2017-5223

low-risk

Published 2017-01-16

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.

Do I need to act?

2.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

43056

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Phpmailer

Affected Vendors

Phpmailer Project

References (8)

Exploit http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclos...

Third Party Advisory http://www.securityfocus.com/bid/95328

Issue Tracking https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md

https://www.exploit-db.com/exploits/43056/

Exploit http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclos...

Third Party Advisory http://www.securityfocus.com/bid/95328

Issue Tracking https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md

https://www.exploit-db.com/exploits/43056/

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 6/34 · Minimal

Exposure 5/34 · Minimal