#VU4756 Information disclosure in PHPMailer - CVE-2017-5223

Cybersecurity Help s.r.o.

Published: 2017-01-16 | Updated: 2018-09-14

Vulnerability identifier: #VU4756

Vulnerability risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2017-5223

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PHPMailer
Web applications / Other software

Vendor: phpmailer.sourceforge.net

Description
The vulnerability allows a remote attacker to obtain access to potentially sensitive information.

The vulnerability exists in PHPMailer before 5.2.22 when handling HTML documents using msgHTML() method. A remote attacker can create a specially crafted message, containing relative links to images withing message and attach arbitrary local file to e-mail message.

Successful exploitation of this vulnerability may allow an attacker to send out arbitrary system files as email attachments.

Mitigation
Update to version 5.2.22.

Vulnerable software versions

PHPMailer: 5.2 - 5.2.21

External links
https://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-an...
https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Ubuntu update for libphp-phpmailer

Arbitrary file disclosure in PHPMailer