|Max CVSS||7.5||Min CVSS||5.0||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a passwo
|11-07-2019 - 12:45||23-05-2017 - 04:29|
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
|09-10-2018 - 19:58||30-12-2016 - 19:59|