PT-2008-6674 · Catalyst It+4 · Mahara+4
Hunger · Published 2008-12-17 · Updated 2022-05-14 · CVE-2008-5619
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Chuggnutt HTML to Text Converter (affected versions not specified)
PHPMailer versions prior to 5.2.10
RoundCube Webmail versions 0.2-1.alpha through 0.2-3.beta
Mahara (affected versions not specified)
AtMail Open version 1.03
Description
The issue allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch (the /e pattern modifier). This is a result of a problem in the html2text.php file.
Recommendations
For PHPMailer versions prior to 5.2.10, update to version 5.2.10 or later.
For RoundCube Webmail versions 0.2-1.alpha through 0.2-3.beta, consider upgrading to a version outside of this range.
For Mahara, there is currently no information about a newer version that contains a fix for this vulnerability.
For AtMail Open version 1.03, consider upgrading to a version outside of this range.
As a temporary workaround, consider disabling the use of the preg_replace function with the eval switch until a patch is available.
Exploit
RCE
Code Injection
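To act on the workaround of removing preg_replace calls that use the eval switch, the sketch below is an added example (not code from this advisory or from any affected project) that heuristically flags PHP string literals carrying the e modifier in files that call preg_replace. The function names and the sample PHP are constructed for illustration, and findings need manual review because any string shaped like a delimited pattern will match.

```python
import re

# PHP single- or double-quoted string literal, honouring backslash escapes.
STRING_LITERAL = re.compile(r"""(['"])((?:\\.|(?!\1).)*)\1""", re.DOTALL)
CLOSERS = {"(": ")", "[": "]", "{": "}", "<": ">"}  # bracket-style delimiters

# Constructed sample, not taken from any of the affected projects.
SAMPLE = r"""<?php
$search = array(
    '/<b[^>]*>(.*?)<\/b>/ie',   // eval modifier present
    '/<br[^>]*>/i',             // no eval modifier
);
$text = preg_replace($search, $replace, $html);
"""


def eval_modifier(body):
    """Return the modifier string if body looks like a PCRE pattern using 'e'."""
    if len(body) < 3:
        return None
    delim = body[0]
    if delim.isalnum() or delim.isspace() or delim == "\\":
        return None  # not a legal PCRE delimiter
    end = body.rfind(CLOSERS.get(delim, delim))
    if end <= 0:
        return None
    mods = body[end + 1:]
    # Only letters PHP accepts as modifiers; 'e' is the eval switch.
    if "e" in mods and re.fullmatch(r"[imsxeADSUXJu]+", mods):
        return mods
    return None


def scan_php(source):
    """Return (line, literal, modifiers) for each suspect pattern literal."""
    if "preg_replace" not in source:
        return []  # file never calls preg_replace, nothing to review
    findings = []
    for m in STRING_LITERAL.finditer(source):
        mods = eval_modifier(m.group(2))
        if mods:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(0), mods))
    return findings


if __name__ == "__main__":
    for line, literal, mods in scan_php(SAMPLE):
        print(f"line {line}: {literal} uses modifiers '{mods}'")
```

Each flagged pattern is a candidate for rewriting with preg_replace_callback, which passes matches to a function instead of evaluating the replacement string as code.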
Affected Products
Atmail Open
Chuggnutt Html To Text Converter
Mahara
Phpmailer
Roundcube Webmail