How severe is CVE-2017-5223?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2017-5223?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2017-5223 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.

Related Vulnerabilities

CVE-2008-3893

MEDIUM

CVSS:5.5(Medium)

Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sens...

CWE-2002008

CVE-2010-2538

MEDIUM

CVSS:5.5(Medium)

Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.

CWE-2002010

CVE-2010-3078

MEDIUM

CVSS:5.5(Medium)

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sen...

CWE-2002010

CVE-2011-2898

MEDIUM

CVSS:5.5(Medium)

net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows loc...

CWE-2002011

CVE-2011-4915

MEDIUM

CVSS:5.5(Medium)

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

CWE-2002011

CVE-2011-4916

MEDIUM

CVSS:5.5(Medium)

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

CWE-2002011