← Zuruck zu CVEs
CVE-2016-10033
CRITICALCISA KEV9.8
Beschreibung
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/30/2016
Zuletzt geandert4/21/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerPHP
ProduktPHPMailer
SchwachstellennamePHPMailer Command Injection Vulnerability
KEV Aufnahmedatum2025-07-07
Behebungsfrist2025-07-28
Ransomware-NutzungUnknown
Betroffene Produkte
joomla:joomla\!phpmailer_project:phpmailerwordpress:wordpress
Schwachen (CWE)
CWE-88CWE-88
Referenzen
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html(cve@mitre.org)
http://seclists.org/fulldisclosure/2016/Dec/78(cve@mitre.org)
http://www.securityfocus.com/archive/1/539963/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/bid/95108(cve@mitre.org)
http://www.securitytracker.com/id/1037533(cve@mitre.org)
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html(cve@mitre.org)
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18(cve@mitre.org)
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities(cve@mitre.org)
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html(cve@mitre.org)
https://www.drupal.org/psa-2016-004(cve@mitre.org)
https://www.exploit-db.com/exploits/40968/(cve@mitre.org)
https://www.exploit-db.com/exploits/40969/(cve@mitre.org)
https://www.exploit-db.com/exploits/40970/(cve@mitre.org)
https://www.exploit-db.com/exploits/40974/(cve@mitre.org)
https://www.exploit-db.com/exploits/40986/(cve@mitre.org)
https://www.exploit-db.com/exploits/41962/(cve@mitre.org)
https://www.exploit-db.com/exploits/41996/(cve@mitre.org)
https://www.exploit-db.com/exploits/42024/(cve@mitre.org)
https://www.exploit-db.com/exploits/42221/(cve@mitre.org)
http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/Dec/78(af854a3a-2127-422b-91ae-364da2661108)
http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/539963/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/95108(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037533(af854a3a-2127-422b-91ae-364da2661108)
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/psa-2016-004(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40968/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40969/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40970/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40974/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40986/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/41962/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/41996/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/42024/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/42221/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10033(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.