View Issue Details

ID: 0028530
Project: mantisbt
Category: security
View Status: public
Last Update: 2021-06-17 03:05
Reporter: dregad
Assigned To: dregad
Status: closed
Resolution: fixed
Product Version: 2.25.0
Target Version: 2.25.1
Fixed in Version: 2.25.1
Summary: 0028530: Update PHPMailer to 6.4.1 (fixes CVE-2020-36326)

PHPMailer 6.4.1 is a security release.


This is a reintroduction of an earlier issue (CVE-2018-19296) by an unrelated bug fix in PHPMailer 6.1.8. An external file may be unexpectedly executable if it is used as a path to an attachment file via PHP's support for .phar files. Exploitation requires that an attacker is able to provide an unfiltered path to a file to attach, or to trick calling code into generating one.

PHPMailer versions >=6.1.8, <6.4.1 are affected; we're currently using 6.3.0, since 2.25.0; earlier MantisBT versions are not affected (2.24.2 was on PHPMailer 6.1.6).


Tags: No tags attached.


related to 0027118 (closed, dregad): Update PHPMailer to 6.3.0
related to 0028821 (closed, dregad): Update PHPMailer to 6.5.0


There are no notes attached to this issue.
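
A lock-file check for the affected range stated in the description (PHPMailer >=6.1.8, <6.4.1), as an added example that is not MantisBT or PHPMailer code. The function names and the composer.lock fragments are constructed for illustration; the three sample versions are the ones the description attributes to MantisBT releases.

```python
import json
import re

PACKAGE = "phpmailer/phpmailer"
FIRST_AFFECTED = (6, 1, 8)   # range taken from the issue description
FIRST_FIXED = (6, 4, 1)


def parse_version(raw):
    """Turn 'v6.3.0' or '6.3.0' into (6, 3, 0). Anything else (dev branches,
    pre-releases) returns None so it is reported for manual review."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def audit_lock(lock_text):
    """Return (section, version, verdict) for every PHPMailer entry in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            ver = parse_version(raw)
            if ver is None:
                verdict = "unknown"
            elif FIRST_AFFECTED <= ver < FIRST_FIXED:
                verdict = "affected"
            else:
                verdict = "not affected"
            findings.append((section, raw, verdict))
    return findings


def make_lock(version, dev=False):
    """Build a minimal, constructed composer.lock fragment holding one PHPMailer entry."""
    entry = {"name": PACKAGE, "version": version}
    return json.dumps({"packages": [] if dev else [entry],
                       "packages-dev": [entry] if dev else []})


if __name__ == "__main__":
    # MantisBT release -> PHPMailer version, as stated in the issue description.
    for release, ver in [("2.24.2", "v6.1.6"), ("2.25.0", "v6.3.0"), ("2.25.1", "v6.4.1")]:
        print(release, audit_lock(make_lock(ver)))
```
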

Related Changesets

MantisBT: master-2.25 9cbe1cbb

2021-04-29 21:35


Committer: dregad

Bump phpmailer/phpmailer from 6.3.0 to 6.4.1

Bumps phpmailer/phpmailer from 6.3.0 to 6.4.1.
- Release notes
- Changelog
- Commits

Signed-off-by: dependabot-preview[bot] <>

Fixes 0028530, PR
Affected Issues
mod - composer.lock