PT-2015-2870 · Php+1 · Phpmailer+1

Takeshi Terada · Published 2015-12-13 · Updated 2020-03-05 · CVE-2015-8476

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

PHPMailer versions prior to 5.2.14

Description

The issue allows attackers to inject arbitrary SMTP commands via CRLF sequences in an email address passed to the validateAddress function in class.phpmailer.php, or in an SMTP command passed to the sendCommand function in class.smtp.php. It can be exploited by injecting line breaks into otherwise valid email addresses, which are not handled correctly in some contexts.

Recommendations

Update to version 5.2.14 or later to resolve the issue. As a temporary workaround on versions prior to 5.2.14, consider manually stripping line breaks from email addresses before passing them to PHPMailer.
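
The workaround above as an added PHP example (not PHPMailer's own code and not part of the original advisory): it strips CR and LF from an address, logs when anything was removed, and re-validates the result before it reaches PHPMailer. The helper names `clean_address` and `safe_address` and the sample addresses are constructed for illustration.

```php
<?php
// Added example: workaround helper for PHPMailer < 5.2.14 (CVE-2015-8476).
// clean_address() and safe_address() are hypothetical names, not PHPMailer API.

/**
 * Strip CR/LF from an address and report whether anything was removed.
 * Returns array(cleaned_address, was_modified).
 */
function clean_address($address)
{
    $original = (string) $address;
    // CR and LF terminate an SMTP command line, so neither may reach the SMTP layer.
    $cleaned = str_replace(array("\r", "\n"), '', $original);
    return array($cleaned, $cleaned !== $original);
}

/**
 * Return an address that is safe to hand to PHPMailer, or null to drop it.
 */
function safe_address($address)
{
    list($cleaned, $modified) = clean_address($address);
    if ($modified) {
        // A legitimate address never contains a line break, so record the event.
        error_log('line break stripped from address: ' . json_encode($address));
    }
    // Re-validate after stripping: joining the two halves of a split value
    // usually produces something that is no longer a valid address.
    return filter_var($cleaned, FILTER_VALIDATE_EMAIL) !== false ? $cleaned : null;
}

// Constructed sample inputs, not taken from the advisory.
$samples = array(
    "alice@example.com",
    "bob@example.com\r\n",
    "carol@example.com\r\nEXTRA LINE",
);

foreach ($samples as $raw) {
    $addr = safe_address($raw);
    echo json_encode($raw), ' => ', $addr === null ? 'rejected' : $addr, "\n";
    // With an existing PHPMailer instance in $mail (assumed):
    // if ($addr !== null) { $mail->addAddress($addr); }
}
```

Apply the same helper to every address field the application fills from user input, not only the recipient.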

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2016-2512
BDU:2015-12236
CVE-2015-8476
DLA-363-1
DSA-3416-1
GHSA-738M-F33V-QC2R
MGASA-2015-0484

Affected Products

Alt Linux
Phpmailer