BUYING CVE-2018-19296 full poc
by foreveriwish - May 15, 2021 at 09:47 PM
#1
Buying full poc for CVE-2018-19296 hit me up with price.
Reply
#2
(May 15, 2021 at 09:47 PM)foreveriwish Wrote: Buying full poc for CVE-2018-19296 hit me up with price.

"PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment() and other functions that may receive unfiltered local paths, possibly leading to RCE. See this article for more info on this type of vulnerability. Mitigated by blocking the use of paths containing URL-protocol style prefixes such as phar://. Reported by Sehun Oh of cyberone.kr.".

Source: https://github.com/advisories/GHSA-7w4p-72j7-v7c2
Reply

 Users browsing this thread: 1 Guest(s)