Vulnerability Details: CVE-2016-10033
Public exploit exists!
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Vulnerability category: Execute code
Products affected by CVE-2016-10033
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
- cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-10033
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2016-10033: 28
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-10033
Probability of exploitation activity in the next 30 days: 97.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2016-10033
- PHPMailer Sendmail Argument Injection
  Disclosure Date: 2016-12-26
  First seen: 2020-04-26
  exploit/multi/http/phpmailer_arg_injection
  PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This
- WordPress PHPMailer Host Header Command Injection
  Disclosure Date: 2017-05-03
  First seen: 2020-04-26
  exploit/unix/webapp/wp_phpmailer_host_header
  This module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability.
CVSS scores for CVE-2016-10033
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-10033
- The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10033
- http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
  PHPMailer Remote Code Execution ≈ Packet Storm
  Exploit; Third Party Advisory; VDB Entry
- https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
  Release PHPMailer 5.2.18 · PHPMailer/PHPMailer · GitHub
  Patch; Vendor Advisory
- https://www.exploit-db.com/exploits/40968/
  PHPMailer < 5.2.18 - Remote Code Execution (Bash)
  Exploit; Patch; Third Party Advisory; VDB Entry
- http://seclists.org/fulldisclosure/2016/Dec/78
  Full Disclosure: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]
  Mailing List; Patch; Third Party Advisory
- http://www.securityfocus.com/bid/95108
  PHPMailer CVE-2016-10033 Remote Code Execution Vulnerability
  Exploit; Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/42221/
  PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
  Exploit; Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/40970/
  PHPMailer < 5.2.18 - Remote Code Execution (PHP)
  Exploit; Patch; Third Party Advisory; VDB Entry
- http://www.securitytracker.com/id/1037533
  PHPMailer Input Validation Flaw Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker
  Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/40986/
  PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - 'AIO' 'PwnScriptum' Remote Code Execution
  Exploit; Third Party Advisory; VDB Entry
- http://www.securityfocus.com/archive/1/539963/100/0/threaded
  SecurityFocus
  Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/40969/
  PHPMailer < 5.2.20 - Remote Code Execution
  Exploit; Third Party Advisory; VDB Entry
- https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
  PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln
  Exploit; Patch; Third Party Advisory
- https://www.exploit-db.com/exploits/42024/
  WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
  Exploit; Third Party Advisory; VDB Entry
- https://www.drupal.org/psa-2016-004
  PHPmailer 3rd party library -- DRUPAL-SA-PSA-2016-004 | Drupal.org
  Third Party Advisory
- https://www.exploit-db.com/exploits/41996/
  Vanilla Forums < 2.3 - Remote Code Execution
  Exploit; Third Party Advisory; VDB Entry
- http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
  PHPMailer Sendmail Argument Injection
  Exploit; Third Party Advisory
- http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
  PHPMailer Sendmail Argument Injection ≈ Packet Storm
  Exploit; Third Party Advisory; VDB Entry
- https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
  [20161205] - PHPMailer Security Advisory
  Third Party Advisory
- https://www.exploit-db.com/exploits/40974/
  PHPMailer < 5.2.18 - Remote Code Execution (Python)
  Exploit; Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/41962/
  WordPress 4.6 - Remote Code Execution
  Exploit; Third Party Advisory; VDB Entry
- https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
  About the CVE 2016 10033 and CVE 2016 10045 vulnerabilities · PHPMailer/PHPMailer Wiki · GitHub
  Patch; Vendor Advisory