FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PHPmailer -- SMTP injection vulnerability

Affected packages
phpmailer < 5.2.14


VuXML ID 8a90dc87-89f9-11e5-a408-00248c0c745d
Discovery 2015-11-05
Entry 2015-12-03

PHPMailer changelog reports:

Fix vulnerability that allowed email addresses with line breaks (valid in RFC5322) to pass to SMTP, permitting message injection at the SMTP level. Mitigated in both the address validator and in the lower-level SMTP class. Thanks to Takeshi Terada.