Vulnerability Details : CVE-2016-10034
Public exploit exists!
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
Vulnerability category: Execute code
Products affected by CVE-2016-10034
- cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend-mail:*:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend-mail:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend-mail:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend-mail:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend-mail:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend-mail:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend-mail:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend-mail:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend-mail:2.5.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-10034
92.62%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-10034
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-10034
-
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10034
-
https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-VulnExploit;Technical Description;Third Party Advisory
-
https://www.exploit-db.com/exploits/42221/
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
-
https://framework.zend.com/security/advisory/ZF2016-04
Security Advisory - Security - Zend FrameworkExploit;Technical Description;Vendor Advisory
-
https://www.exploit-db.com/exploits/40979/
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution
-
https://www.exploit-db.com/exploits/40986/
PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - 'AIO' 'PwnScriptum' Remote Code Execution
-
http://www.securitytracker.com/id/1037539
Zend Framework Input Validation Flaw in zend-mail Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker
-
http://www.securityfocus.com/bid/95144
Zend Framework 'zend-mail' Component Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201804-10
Zend Framework: Multiple vulnerabilities (GLSA 201804-10) — Gentoo security
Jump to