CVE-2016-10033
CRITICAL | CISA KEV | 9.8
Description
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 12/30/2016
Last modified: 4/21/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: PHP
Product: PHPMailer
Vulnerability name: PHPMailer Command Injection Vulnerability
KEV date added: 2025-07-07
Remediation due date: 2025-07-28
Ransomware use: Unknown
Affected products
joomla:joomla\!
phpmailer_project:phpmailer
wordpress:wordpress
Weaknesses (CWE)
CWE-88
References
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html (cve@mitre.org)
http://seclists.org/fulldisclosure/2016/Dec/78 (cve@mitre.org)
http://www.securityfocus.com/archive/1/539963/100/0/threaded (cve@mitre.org)
http://www.securityfocus.com/bid/95108 (cve@mitre.org)
http://www.securitytracker.com/id/1037533 (cve@mitre.org)
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html (cve@mitre.org)
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 (cve@mitre.org)
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities (cve@mitre.org)
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html (cve@mitre.org)
https://www.drupal.org/psa-2016-004 (cve@mitre.org)
https://www.exploit-db.com/exploits/40968/ (cve@mitre.org)
https://www.exploit-db.com/exploits/40969/ (cve@mitre.org)
https://www.exploit-db.com/exploits/40970/ (cve@mitre.org)
https://www.exploit-db.com/exploits/40974/ (cve@mitre.org)
https://www.exploit-db.com/exploits/40986/ (cve@mitre.org)
https://www.exploit-db.com/exploits/41962/ (cve@mitre.org)
https://www.exploit-db.com/exploits/41996/ (cve@mitre.org)
https://www.exploit-db.com/exploits/42024/ (cve@mitre.org)
https://www.exploit-db.com/exploits/42221/ (cve@mitre.org)
http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/Dec/78 (af854a3a-2127-422b-91ae-364da2661108)
http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/539963/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/95108 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037533 (af854a3a-2127-422b-91ae-364da2661108)
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities (af854a3a-2127-422b-91ae-364da2661108)
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/psa-2016-004 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40968/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40969/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40970/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40974/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40986/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/41962/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/41996/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/42024/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/42221/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10033 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.