CVE-2016-10033

Опубликовано: 30 дек. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Критический

Описание

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property.

Ссылки

http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Dec/78
Mailing List
Patch
Third Party Advisory
http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
Exploit
Third Party Advisory
http://www.securityfocus.com/archive/1/539963/100/0/threaded
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/95108
Broken Link
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037533
Broken Link
Third Party Advisory
VDB Entry
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
Third Party Advisory
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
Patch
Vendor Advisory
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
Patch
Vendor Advisory
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
Exploit
Patch
Third Party Advisory
https://www.drupal.org/psa-2016-004
Third Party Advisory
https://www.exploit-db.com/exploits/40968/
Exploit
Patch
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/40969/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/40970/
Exploit
Patch
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/40974/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/40986/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41962/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41996/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42024/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*

Версия до 5.2.18 (исключая)

Конфигурация 2

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Версия до 4.7 (включая)

Конфигурация 3

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Версия от 1.5.0 (включая) до 3.6.5 (включая)

EPSS

Процентиль: 100%

0.94415

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-88

Связанные уязвимости

CVE-2016-10033

CVSS3: 9.8

ubuntu

больше 8 лет назад

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

CVE-2016-10033

CVSS3: 9.8

debian

больше 8 лет назад

The mailSend function in the isMail transport in PHPMailer before 5.2. ...

GHSA-5f37-gxvh-23v6

CVSS3: 9.8

github

больше 5 лет назад

Remote code execution in PHPMailer

EPSS

Процентиль: 100%

0.94415

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-88