### [CVE-2017-5223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5223)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
### POC
#### Reference
- https://www.exploit-db.com/exploits/43056/
#### Github
- https://github.com/777sot/PHPMailer
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Brens498/AulaMvc
- https://github.com/Dharini432/Leafnow
- https://github.com/Gessiweb/Could-not-access-file-var-tmp-file.tar.gz
- https://github.com/Hehhchen/eCommerce
- https://github.com/Jack-LaL/idk
- https://github.com/JesusAyalaEspinoza/p
- https://github.com/KNIGHTTH0R/PHPMail
- https://github.com/Kalyan457/Portfolio
- https://github.com/Keshav9863/MFA_SIGN_IN_PAGE
- https://github.com/Lu183/phpmail
- https://github.com/MIrfanShahid/PHPMailer
- https://github.com/MarcioPeters/PHP
- https://github.com/MartinDala/Envio-Simples-de-Email-com-PHPMailer-
- https://github.com/Mona-Mishra/User-Registration-System
- https://github.com/Mugdho55/Air_Ticket_Management_System
- https://github.com/NikhilReddyPuli/thenikhilreddy.github.io
- https://github.com/PatelMisha/Online-Flight-Booking-Management-System
- https://github.com/Preeti1502kashyap/loginpage
- https://github.com/Rachna-2018/email
- https://github.com/RakhithJK/Synchro-PHPMailer
- https://github.com/Ramkiskhan/sample
- https://github.com/Razzle23/mail-3
- https://github.com/RichardStwart/PHP
- https://github.com/Rivaldo28/ecommerce
- https://github.com/Sakanksha07/Journey-With-Food
- https://github.com/Sakshibadoni/LetsTravel
- https://github.com/SecRet-501/PHPMailer
- https://github.com/SeffuCodeIT/phpmailer
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Teeeiei/phpmailer
- https://github.com/ThatsSacha/forum
- https://github.com/VenusPR/PHP
- https://github.com/aegunasekara/PHPMailer
- https://github.com/aegunasekaran/PHPMailer
- https://github.com/alexandrazlatea/emails
- https://github.com/alokdas1982/phpmailer
- https://github.com/anishbhut/simpletest
- https://github.com/ank0809/Responsive-login-register-page
- https://github.com/antelove19/phpmailer
- https://github.com/anushasinha24/send-mail-using-PHPMailer
- https://github.com/arbaazkhanrs/Online_food_ordering_system
- https://github.com/arislanhaikal/PHPMailer_PHP_5.3
- https://github.com/ashiqdey/PHPmailer
- https://github.com/athirakottekadnew/testingRepophp
- https://github.com/bigtunacan/phpmailer5
- https://github.com/bkrishnasowmya/OTMS-project
- https://github.com/clemerribeiro/cbdu
- https://github.com/codersstock/PhpMailer
- https://github.com/crackerica/PHPMailer2
- https://github.com/cscli/CVE-2017-5223
- https://github.com/denniskinyuandege/mailer
- https://github.com/devhribeiro/cadweb_aritana
- https://github.com/dipak1997/Alumni-M
- https://github.com/dp7sv/ECOMM
- https://github.com/duhengchen1112/demo
- https://github.com/dylangerardf/dhl
- https://github.com/dylangerardf/dhl-supp
- https://github.com/eminemdordie/mailer
- https://github.com/entraned/PHPMailer
- https://github.com/faraz07-AI/fullstack-Jcomp
- https://github.com/fatfishdigital/phpmailer
- https://github.com/fatihbaba44/PeakGames
- https://github.com/fatihulucay/PeakGames
- https://github.com/frank850219/PHPMailerAutoSendingWithCSV
- https://github.com/gaguser/phpmailer
- https://github.com/geet56/geet22
- https://github.com/generalbao/phpmailer6
- https://github.com/gnikita01/hackedemistwebsite
- https://github.com/grayVTouch/phpmailer
- https://github.com/gzy403999903/PHPMailer
- https://github.com/huongbee/mailer0112
- https://github.com/huongbee/mailer0505
- https://github.com/ifindu-dk/phpmailer
- https://github.com/im-sacha-cohen/forum
- https://github.com/inusah42/ecomm
- https://github.com/ivankznru/PHPMailer
- https://github.com/izisoft/mailer
- https://github.com/izisoft/yii2-mailer
- https://github.com/jaimedaw86/repositorio-DAW06_PHP
- https://github.com/jamesxiaofeng/sendmail
- https://github.com/jbperry1998/bd_calendar
- https://github.com/jeddatinsyd/PHPMailer
- https://github.com/jesusclaramontegascon/PhpMailer
- https://github.com/juhi-gupta/PHPMailer-master
- https://github.com/laddoms/faces
- https://github.com/lanlehoang67/sender
- https://github.com/lcscastro/RecursoFunctionEmail
- https://github.com/leftarmm/speexx
- https://github.com/leocifrao/site-restaurante
- https://github.com/luxiaojue/phpmail
- https://github.com/madbananaman/L-Mailer
- https://github.com/marco-comi-sonarsource/PHPMailer
- https://github.com/mayankbansal100/PHPMailer
- https://github.com/mintoua/Fantaziya_WEBSite
- https://github.com/mkrdeptcreative/PHPMailer
- https://github.com/mohamed-aymen-ellafi/web
- https://github.com/morkamimi/poop
- https://github.com/nFnK/PHPMailer
- https://github.com/natsootail/alumni
- https://github.com/nh0k016/Haki-Store
- https://github.com/nyamleeze/commit_testing
- https://github.com/pctechsupport123/php
- https://github.com/prakashshubham13/portfolio
- https://github.com/prathamrathore/portfolio.php
- https://github.com/prostogorod/PHPMailer
- https://github.com/rasisbade/allphp
- https://github.com/rohandavid/fitdanish
- https://github.com/rrathi0705/email
- https://github.com/rudresh98/e_commerce_IFood
- https://github.com/sakshibohra05/project
- https://github.com/sankar-rgb/PHPMailer
- https://github.com/sarriscal/phpmailer
- https://github.com/sarvottam1766/Project
- https://github.com/sashasimulik/integration-1
- https://github.com/sccontroltotal/phpmailer
- https://github.com/sliani/PHPMailer-File-Attachments-FTP-to-Mail
- https://github.com/supreethsk/rental
- https://github.com/sweta-web/Online-Registration-System
- https://github.com/tvirus-01/PHP_mail
- https://github.com/vaartjesd/test
- https://github.com/vatann07/BloodConnect
- https://github.com/vedavith/mailer
- https://github.com/wesandradealves/sitio_email_api_demo
- https://github.com/windypermadi/PHP-Mailer
- https://github.com/yaya4095/PHPMailer
- https://github.com/zakiaafrin/PHPMailer
- https://github.com/zhangqiyi55/phpemail