{"id":"CVE-2018-19296","details":"PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.","aliases":["GHSA-7w4p-72j7-v7c2"],"modified":"2026-04-02T01:23:39.021365Z","published":"2018-11-16T09:29:00.230Z","related":["MGASA-2019-0010"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4351"},{"type":"ADVISORY","url":"https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27"},{"type":"ADVISORY","url":"https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phpmailer/phpmailer","events":[{"introduced":"0"},{"fixed":"dde1db116511aa4956389d75546c5be4c2beb2a6"},{"introduced":"ea25dc122d22966b7dd4ca1083c63afeeb50dfcd"},{"fixed":"8190d73eb5def11a43cfb020b7f36db65330698c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.2.27"},{"introduced":"6.0.0"},{"fixed":"6.0.6"}]}},{"type":"GIT","repo":"https://github.com/wordpress/wordpress","events":[{"introduced":"3921fd373acaeeeee2029f762b676075cf375b33"},{"last_affected":"058f9903676a7efaee534a682df0a2a8b87574d8"}],"database_specific":{"versions":[{"introduced":"3.7"},{"last_affected":"5.7"}]}}],"versions":["3.7","phpmailer-5.0.0","phpmailer-5.0.2","phpmailer-5.1","v2.2.1","v5.0.0","v5.0.2","v5.1.0","v5.2.0","v5.2.1","v5.2.10","v5.2.11","v5.2.12","v5.2.13","v5.2.14","v5.2.15","v5.2.16","v5.2.17","v5.2.18","v5.2.19","v5.2.2","v5.2.20","v5.2.21","v5.2.22","v5.2.23","v5.2.24","v5.2.25","v5.2.26","v5.2.4","v5.2.5","v5.2.6","v5.2.7","v5.2.8","v5.2.9","v6.0.0","v6.0.0rc1","v6.0.0rc2","v6.0.0rc3","v6.0.0rc4","v6.0.0rc5","v6.0.1","v6.0.2","v6.0.3","v6.0.4","v6.0.5"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19296.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}