Wordpress » Wordpress : Security Vulnerabilities Published In 2016 (Code Execution)

Copy

CVE-2016-10045

Public exploit exists

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

Max CVSS

9.8

Published

2016-12-30

Updated

2021-09-30

EPSS

96.69%

CVE-2016-10033

Public exploit exists

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

Max CVSS

9.8

Published

2016-12-30

Updated

2021-09-30

EPSS

97.46%

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!