What is CVE-2015-8476?

CVE-2015-8476 is a vulnerability in Phpmailer_project Phpmailer, classified under Improper Input Validation. Published 2015-12-16.

Is CVE-2015-8476 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Phpmailer_project Phpmailer

CVE-2015-8476

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to t…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.009 (76.7th percentile) — read the EPSS interpretation.

Affected products

Phpmailer_project Phpmailer
Debian Debian_linux — versions 6.0, 7.0, 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM)
FEDORA-2015-39522bb8c9 (x_refsource_FEDORA, vendor-advisory)
[oss-security] 20151204 Re: CVE Request: PHPMailer Message Injection Vulnerability (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
DSA-3416 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2015-abf9659276 (x_refsource_FEDORA, vendor-advisory)
78619 (vdb-entry, x_refsource_BID)
[oss-security] 20151204 CVE Request: PHPMailer Message Injection Vulnerability (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2015-8476?: CVE-2015-8476 is a vulnerability in Phpmailer_project Phpmailer, classified under Improper Input Validation. Published 2015-12-16.
Is CVE-2015-8476 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.