What is CVE-2017-5223?

CVE-2017-5223 is a medium-severity vulnerability in Phpmailer_project Phpmailer, classified under Information Disclosure. CVSS score: 5.5/10. Published 2017-01-16.

How severe is CVE-2017-5223?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Is CVE-2017-5223 known to be exploited?

138 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Phpmailer_project Phpmailer

CVE-2017-5223

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attach…

Vulnerability class: Information Disclosure

EPSS: 0.029 (86.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Phpmailer_project Phpmailer
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)

Frequently asked questions

What is CVE-2017-5223?: CVE-2017-5223 is a medium-severity vulnerability in Phpmailer_project Phpmailer, classified under Information Disclosure. CVSS score: 5.5/10. Published 2017-01-16.
How severe is CVE-2017-5223?: Medium severity. CVSS v3 base score is 5.5 out of 10.
Is CVE-2017-5223 known to be exploited?: 138 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.