CVE-2016-10033: Remote code execution in PHPMailer
(updated )
The mailSend function in the default isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property.
References
- developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
- github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml
- github.com/PHPMailer/PHPMailer
- github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
- github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6
- github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
- github.com/advisories/GHSA-5f37-gxvh-23v6
- legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
- nvd.nist.gov/vuln/detail/CVE-2016-10033
- www.drupal.org/psa-2016-004
- www.exploit-db.com/exploits/40968
- www.exploit-db.com/exploits/40969
- www.exploit-db.com/exploits/40970
- www.exploit-db.com/exploits/40974
- www.exploit-db.com/exploits/40986
- www.exploit-db.com/exploits/41962
- www.exploit-db.com/exploits/41996
- www.exploit-db.com/exploits/42024
- www.exploit-db.com/exploits/42221
Code Behaviors & Features
Detect and mitigate CVE-2016-10033 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →