PHPMailer is one of the most popular open source PHP libraries to send emails used by more than 9 million users worldwide. The vulnerability allows an attacker to remotely execute arbitrary code in the context of the web server and compromise the target web application. The developers have patched the vulnerability in their new release, PHPMmailer 5.2.18. The researcher has put on hold more technical details about the flaw, including a proof-of-concept exploit code and video demonstration that will show the attack in action.
Source: https://thehackernews.com/2016/12/phpmailer-security.html