PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2731 advisory.

  - PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. (CVE-2018-19296)

  - PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with     a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality     problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As     an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.
    (CVE-2020-36326)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Mantis 2.25.1 and 2.25.2 releases report :

Security and maintenance release, PHPMailer update to 6.5.0

- 0028552: XSS in manage_custom_field_edit_page.php (CVE-2021-33557)

- 0028821: Update PHPMailer to 6.5.0 (CVE-2021-3603, CVE-2020-36326)

According to its self-reported version number, the detected WordPress application is affected by an object injection vulnerability in PHPMailer.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
152214	Debian DLA-2731-1 : wordpress - LTS security update	Nessus	Debian Local Security Checks	critical
151500	FreeBSD : mantis -- multiple vulnerabilities (9b1699ff-d84c-11eb-92d6-1b6ff3dfe4d3)	Nessus	FreeBSD Local Security Checks	critical
112793	WordPress 5.7.x < 5.7.2 Object injection	Web App Scanning	Component Vulnerability	critical
112792	WordPress 5.6.x < 5.6.4 Object injection	Web App Scanning	Component Vulnerability	critical
112791	WordPress 5.5.x < 5.5.5 Object injection	Web App Scanning	Component Vulnerability	critical
112790	WordPress 5.4.x < 5.4.6 Object injection	Web App Scanning	Component Vulnerability	critical
112789	WordPress 5.3.x < 5.3.8 Object injection	Web App Scanning	Component Vulnerability	critical
112788	WordPress 5.2.x < 5.2.11 Object injection	Web App Scanning	Component Vulnerability	critical
112787	WordPress 5.1.x < 5.1.10 Object injection	Web App Scanning	Component Vulnerability	critical
112786	WordPress 5.0.x < 5.0.13 Object injection	Web App Scanning	Component Vulnerability	critical
112785	WordPress 4.9.x < 4.9.18 Object injection	Web App Scanning	Component Vulnerability	critical
112784	WordPress 4.8.x < 4.8.17 Object injection	Web App Scanning	Component Vulnerability	critical
112783	WordPress 4.7.x < 4.7.21 Object injection	Web App Scanning	Component Vulnerability	critical
112782	WordPress 4.6.x < 4.6.21 Object injection	Web App Scanning	Component Vulnerability	critical
112781	WordPress 4.5.x < 4.5.24 Object injection	Web App Scanning	Component Vulnerability	critical
112780	WordPress 4.4.x < 4.4.25 Object injection	Web App Scanning	Component Vulnerability	critical
112779	WordPress 4.3.x < 4.3.26 Object injection	Web App Scanning	Component Vulnerability	critical
112778	WordPress 4.2.x < 4.2.30 Object injection	Web App Scanning	Component Vulnerability	critical
112777	WordPress 4.1.x < 4.1.33 Object injection	Web App Scanning	Component Vulnerability	critical
112776	WordPress 4.0.x < 4.0.33 Object injection	Web App Scanning	Component Vulnerability	critical
112775	WordPress 3.9.x < 3.9.34 Object injection	Web App Scanning	Component Vulnerability	critical
112774	WordPress 3.8.x < 3.8.36 Object injection	Web App Scanning	Component Vulnerability	critical
112773	WordPress 3.7.x < 3.7.36 Object injection	Web App Scanning	Component Vulnerability	critical

Detections

Analytics

CVE-2020-36326

critical

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical