Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

PHPMailer Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in PHPMailer versions prior to 5.2.18. The issue arises in the 'isMail' transport when the 'Sender' property is crafted to include additional parameters that are passed to the mail command. This exploitation allows for arbitrary code execution on the server where the vulnerable PHPMailer version is used.

Impact

Exploitation of this vulnerability allows for remote code execution on the server, executed in the context of the web server user.

Reproduction

To reproduce this vulnerability, upload a PHP file that will be executed via the web server. Then, send an email using PHPMailer's 'isMail' transport, setting the 'Sender' property to include the crafted parameters that exploit the vulnerability. This can be done through a contact form or similar functionality that uses PHPMailer to send emails.

Remediation

PHPMailer has released a patch for this vulnerability in version 5.2.20. Users are advised to update to this version or later.

Added: Mar 12, 2026, 8:54 AM
Updated: Mar 12, 2026, 8:54 AM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
10.0
exploitability
6.4
remediation
7.7
relevance
0.0
threat
10.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.