CVE-2016-10033: Remote Code Execution

December 30, 2016 (updated October 9, 2018)

There’s a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.

References

github.com/PHPMailer/PHPMailer/blob/master/changelog.md
github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc
github.com/opsxcq/exploit-CVE-2016-10033
legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

Detect and mitigate CVE-2016-10033 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →